diff --git a/2002/0xxx/CVE-2002-0416.json b/2002/0xxx/CVE-2002-0416.json index 5dc6a4b0a16..238b18b2e4b 100644 --- a/2002/0xxx/CVE-2002-0416.json +++ b/2002/0xxx/CVE-2002-0416.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020305 Buffer Overflows in sh39.com", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/259818" - }, - { - "name" : "4232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4232" - }, - { - "name" : "sh39-mailserver-dos(8379)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8379.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4232" + }, + { + "name": "20020305 Buffer Overflows in sh39.com", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/259818" + }, + { + "name": "sh39-mailserver-dos(8379)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8379.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0948.json b/2002/0xxx/CVE-2002-0948.json index ac2c470b79b..eba0f315de7 100644 --- a/2002/0xxx/CVE-2002-0948.json +++ b/2002/0xxx/CVE-2002-0948.json 
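Review bot: The rewritten record ends without a terminating newline (the `\ No newline at end of file` marker follows the new closing `}`), while the old side had one. The file should still end with `}` plus a newline so that line-oriented tools and record concatenation behave predictably. The same hunk also reorders `reference_data` with no visible sort key (the BID `4232` entry moves ahead of the BUGTRAQ one), so anyone diffing or monitoring this feed has to separate real content changes from formatting churn. Presumably the exporter could emit references in a stable order, for example sorted by `refsource` then `name`. Every file section shown in this commit loses the trailing newline, and the sections for CVE-2002-0948, CVE-2005-0254, CVE-2005-1562 and CVE-2005-4036 also reorder their references.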
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020613 Re: SSI & CSS execution in MakeBook 2.2", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00135.html" - }, - { - "name" : "20020612 SSI & CSS execution in MakeBook 2.2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0094.html" - }, - { - "name" : "http://www.tesol.net/scriptmail.html", - "refsource" : "CONFIRM", - "url" : "http://www.tesol.net/scriptmail.html" - }, - { - "name" : "http://www.linguistic-funland.com/scripts/MakeBook/makebook.script", - "refsource" : "CONFIRM", - "url" : "http://www.linguistic-funland.com/scripts/MakeBook/makebook.script" - }, - { - "name" : "4996", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4996" - }, - { - "name" : "makebook-name-field-validation(9356)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9356.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4996" + }, + { + "name": "20020612 SSI & CSS execution in MakeBook 2.2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0094.html" + }, + { + "name": "makebook-name-field-validation(9356)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9356.php" + }, + { + "name": "http://www.tesol.net/scriptmail.html", + "refsource": "CONFIRM", + "url": "http://www.tesol.net/scriptmail.html" + }, + { + "name": "http://www.linguistic-funland.com/scripts/MakeBook/makebook.script", + "refsource": "CONFIRM", + "url": "http://www.linguistic-funland.com/scripts/MakeBook/makebook.script" + }, + { + "name": "20020613 Re: SSI & CSS execution in MakeBook 2.2", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00135.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2113.json b/2002/2xxx/CVE-2002-2113.json index d453bbde700..e551f69d4c0 100644 --- a/2002/2xxx/CVE-2002-2113.json +++ b/2002/2xxx/CVE-2002-2113.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/securitynews/5WP0R2K60O.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5WP0R2K60O.html" - }, - { - "name" : "3985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3985" - }, - { - "name" : "ahg-search-execute-commands(8032)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8032.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/securitynews/5WP0R2K60O.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5WP0R2K60O.html" + }, + { + "name": "3985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3985" + }, + { + "name": "ahg-search-execute-commands(8032)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8032.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0062.json b/2005/0xxx/CVE-2005-0062.json index 1d14ae12d7d..d66983a09b4 100644 --- a/2005/0xxx/CVE-2005-0062.json +++ b/2005/0xxx/CVE-2005-0062.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0062", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0062", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0254.json b/2005/0xxx/CVE-2005-0254.json index 37db6b23eef..972319fa3e8 100644 --- a/2005/0xxx/CVE-2005-0254.json 
+++ b/2005/0xxx/CVE-2005-0254.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050217 Advisory: Multiple Vulnerabilities in BibORB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110868948719773&w=2" - }, - { - "name" : "20050217 Advisory: Multiple Vulnerabilities in BibORB", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110864983905770&w=2" - }, - { - "name" : "12583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BibORB 1.3.2, and possibly 
earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12583" + }, + { + "name": "20050217 Advisory: Multiple Vulnerabilities in BibORB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110868948719773&w=2" + }, + { + "name": "20050217 Advisory: Multiple Vulnerabilities in BibORB", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110864983905770&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0506.json b/2005/0xxx/CVE-2005-0506.json index 56cae34dad7..5b886d0b367 100644 --- a/2005/0xxx/CVE-2005-0506.json +++ b/2005/0xxx/CVE-2005-0506.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\\IP400\\Generic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050222 Avaya IP Office Phone Manager - Sensitive Information Cleartext", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110909733831694&w=2" - }, - { - "name" : "20050222 Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110910486128709&w=2" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\\IP400\\Generic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050222 Avaya IP Office Phone Manager - Sensitive Information Cleartext", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110909733831694&w=2" + }, + { + "name": "20050222 Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110910486128709&w=2" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0724.json b/2005/0xxx/CVE-2005-0724.json index fd4be112cd2..e6720ca1ca9 100644 --- a/2005/0xxx/CVE-2005-0724.json +++ b/2005/0xxx/CVE-2005-0724.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050308 Multiple vulnerabilities in paFileDB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111031801802851&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) 
license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050308 Multiple vulnerabilities in paFileDB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111031801802851&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0889.json b/2005/0xxx/CVE-2005-0889.json index 89f55da100d..6235e465e6e 100644 --- a/2005/0xxx/CVE-2005-0889.json +++ b/2005/0xxx/CVE-2005-0889.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12895" - }, - { - "name" : "1013558", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12895" + }, + { + "name": "1013558", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013558" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1355.json b/2005/1xxx/CVE-2005-1355.json index 34c2f2246ed..305a1cc3179 100644 --- a/2005/1xxx/CVE-2005-1355.json +++ b/2005/1xxx/CVE-2005-1355.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050424 remote command execution in includer.cgi script", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111445548126797&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050424 remote command execution in includer.cgi script", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111445548126797&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1562.json b/2005/1xxx/CVE-2005-1562.json index 232d55449af..189104284f8 100644 --- a/2005/1xxx/CVE-2005-1562.json +++ b/2005/1xxx/CVE-2005-1562.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050511 [HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111584883727605&w=2" - }, - { - "name" : "http://www.hackerscenter.com/archive/view.asp?id=2542", - "refsource" : "MISC", - "url" : "http://www.hackerscenter.com/archive/view.asp?id=2542" - }, - { - "name" : "13601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13601" - }, - { - "name" : "16502", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16502" - }, - { - 
"name" : "16503", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16503" - }, - { - "name" : "16504", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16504" - }, - { - "name" : "16506", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16506" - }, - { - "name" : "16510", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16510" - }, - { - "name" : "15329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15329" - }, - { - "name" : "maxwebportal-postasp-sql-injection(20562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050511 [HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111584883727605&w=2" + }, + { + "name": "http://www.hackerscenter.com/archive/view.asp?id=2542", + "refsource": "MISC", + "url": "http://www.hackerscenter.com/archive/view.asp?id=2542" + }, + { + "name": "16504", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16504" + }, + { + "name": "maxwebportal-postasp-sql-injection(20562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20562" + }, + { + "name": "15329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15329" + }, + { + "name": "13601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13601" + }, + { + "name": "16506", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16506" + }, + { + "name": "16502", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16502" + }, + { + "name": "16503", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16503" + }, + { + "name": "16510", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16510" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4036.json b/2005/4xxx/CVE-2005-4036.json index 6ed2c461066..16267c54fcc 100644 --- a/2005/4xxx/CVE-2005-4036.json +++ b/2005/4xxx/CVE-2005-4036.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the \"remote URL.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html" - }, - { - "name" : "15702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15702" - }, - { - "name" : "ADV-2005-2743", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2743" - }, - { - "name" : "17876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the \"remote URL.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17876" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html" + }, + { + "name": "15702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15702" + }, + { + "name": "ADV-2005-2743", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2743" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4266.json b/2005/4xxx/CVE-2005-4266.json index 30f8c469b18..41784dc379b 100644 --- a/2005/4xxx/CVE-2005-4266.json +++ b/2005/4xxx/CVE-2005-4266.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipomonis.com/advisories/mdaemon.zip", - "refsource" : "MISC", - "url" : "http://www.ipomonis.com/advisories/mdaemon.zip" - }, - { - "name" : "17990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or 
sniffing the random value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ipomonis.com/advisories/mdaemon.zip", + "refsource": "MISC", + "url": "http://www.ipomonis.com/advisories/mdaemon.zip" + }, + { + "name": "17990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17990" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4484.json b/2005/4xxx/CVE-2005-4484.json index 791fad79322..c37d3b0b115 100644 --- a/2005/4xxx/CVE-2005-4484.json +++ b/2005/4xxx/CVE-2005-4484.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/intranetapp-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/intranetapp-xss-vuln.html" - }, - { - "name" : "16010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16010" - }, - { - "name" : "ADV-2005-3039", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3039" - }, - { - "name" : "18200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18200" + }, + { + "name": "ADV-2005-3039", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3039" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/intranetapp-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/intranetapp-xss-vuln.html" + }, + { + "name": "16010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16010" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0163.json b/2009/0xxx/CVE-2009-0163.json index 5107ca4f31b..e68226a0572 100644 --- a/2009/0xxx/CVE-2009-0163.json +++ b/2009/0xxx/CVE-2009-0163.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090417 rPSA-2009-0061-1 cups", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502750/100/0/threaded" - }, - { - "name" : "http://www.cups.org/articles.php?L582", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/articles.php?L582" - }, - { - "name" : "http://www.cups.org/str.php?L3031", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/str.php?L3031" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=490596", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=490596" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0061", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0061" - }, - { - "name" : "DSA-1773", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1773" - }, - { - "name" : "GLSA-200904-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-20.xml" - }, - { - "name" : "RHSA-2009:0428", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0428.html" - }, - { - "name" : "RHSA-2009:0429", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0429.html" - }, - { - "name" : "SUSE-SA:2009:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html" - }, - { - "name" : "USN-760-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-760-1" - }, - { - "name" : "34571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34571" - }, - { - "name" : "oval:org.mitre.oval:def:11546", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11546" - }, - { - "name" : "1022070", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022070" - }, - { - "name" : "34481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34481" - }, - { - "name" : "34722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34722" - }, - { - "name" : "34852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34852" - }, - { - "name" : "34756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34756" - }, - { - "name" : "34747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200904-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-20.xml" + }, + { + "name": "http://www.cups.org/articles.php?L582", + "refsource": "CONFIRM", + "url": "http://www.cups.org/articles.php?L582" + }, + { + "name": "USN-760-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-760-1" + }, + { + "name": "34481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34481" + }, + { + "name": "RHSA-2009:0428", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0428.html" + }, + { + "name": "34571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34571" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0061", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061" + }, + { + "name": "34747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34747" + }, + { + "name": "20090417 rPSA-2009-0061-1 cups", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded" + }, + { + "name": "SUSE-SA:2009:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html" + }, + { + "name": "oval:org.mitre.oval:def:11546", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11546" + }, + { + "name": "1022070", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022070" + }, + { + "name": "34756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34756" + }, + { + "name": "34852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34852" + }, + { + "name": "http://www.cups.org/str.php?L3031", + "refsource": "CONFIRM", + "url": "http://www.cups.org/str.php?L3031" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=490596", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490596" + }, + { + "name": "34722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34722" + }, + { + "name": "DSA-1773", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1773" + }, + { + "name": "RHSA-2009:0429", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0194.json b/2009/0xxx/CVE-2009-0194.json index d78c5c904c1..0aa63d4a0a6 100644 --- a/2009/0xxx/CVE-2009-0194.json +++ b/2009/0xxx/CVE-2009-0194.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a \"synchronisation error.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-0194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090507 Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503319/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-16/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-16/" - }, - { - "name" : "34858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34858" - }, - { - "name" : "54258", - 
"refsource" : "OSVDB", - "url" : "http://osvdb.org/54258" - }, - { - "name" : "1022173", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022173" - }, - { - "name" : "34326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34326" - }, - { - "name" : "communicator-domain-security-bypass(50360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a \"synchronisation error.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "communicator-domain-security-bypass(50360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50360" + }, + { + "name": "http://secunia.com/secunia_research/2009-16/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-16/" + }, + { + "name": "1022173", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022173" + }, + { + "name": "20090507 Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503319/100/0/threaded" + }, + { + "name": "34858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34858" + }, + { + "name": "54258", + "refsource": "OSVDB", + "url": 
"http://osvdb.org/54258" + }, + { + "name": "34326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34326" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0445.json b/2009/0xxx/CVE-2009-0445.json index 774dc871ac9..c1a67be5b06 100644 --- a/2009/0xxx/CVE-2009-0445.json +++ b/2009/0xxx/CVE-2009-0445.json 
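Review bot: The added `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",` line in `CVE_data_meta` is a real data change, sitting in a hunk that otherwise only removes the space before each colon, re-indents, and reorders `reference_data`. The removed side had `"ASSIGNER" : "cve@mitre.org"`, and every other record visible in this part of the diff keeps that value, so the change is easy to miss among the formatting noise. Any consumer that filters, attributes or deduplicates records by assigner will see CVE-2009-0194 move to a different CNA. The reassignment should be checked against the CNA's own record. It should also be named in the commit description if it is not already, or split into a separate commit from the formatting pass.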
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7968", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7968" - }, - { - "name" : "9451", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/9451" - }, - { - "name" : "33596", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33596" - }, - { - "name" : "51741", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51741" - }, - { - "name" : "33730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33730" - }, - { - "name" : "dreampics-exhibitionid-sql-injection(48468)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7968", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7968" + }, + { + "name": "9451", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/9451" + }, + { + "name": "33596", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33596" + }, + { + "name": "33730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33730" + }, + { + "name": "dreampics-exhibitionid-sql-injection(48468)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48468" + }, + { + "name": "51741", + "refsource": "OSVDB", + "url": "http://osvdb.org/51741" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0576.json b/2009/0xxx/CVE-2009-0576.json index d3f56804bf4..5c14cb2c53c 100644 --- a/2009/0xxx/CVE-2009-0576.json +++ b/2009/0xxx/CVE-2009-0576.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1" - }, - { - "name" : "250086", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250086-1" - }, - { - "name" : "33732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33732" - }, - { - "name" : "ADV-2009-0409", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0409" - }, - { - "name" : "33850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33850" - }, - { - "name" : "sun-java-sds-ldap-dos(48662)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1" + }, + { + "name": "33850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33850" + }, + { + "name": "ADV-2009-0409", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0409" + }, + { + "name": "33732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33732" + }, + { + "name": "250086", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250086-1" + }, + { + "name": "sun-java-sds-ldap-dos(48662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48662" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0714.json b/2009/0xxx/CVE-2009-0714.json index 97215bce06b..409ea3b5fad 100644 --- a/2009/0xxx/CVE-2009-0714.json +++ b/2009/0xxx/CVE-2009-0714.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9006", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/9006" - }, - { - "name" : "9007", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/9007" - }, - { - "name" : "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html", - "refsource" : "MISC", - "url" : "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html" - }, - { - "name" : "HPSBMA02417", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543" - }, - { - "name" : "SSRT090031", - "refsource" 
: "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543" - }, - { - "name" : "34955", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34955" - }, - { - "name" : "1022220", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022220" - }, - { - "name" : "35084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35084" - }, - { - "name" : "ADV-2009-1309", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022220", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022220" + }, + { + "name": "HPSBMA02417", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543" + }, + { + "name": "SSRT090031", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543" + }, + { + "name": "9007", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/9007" + }, + { + "name": "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html", + "refsource": "MISC", + "url": "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html" + }, + { + "name": "35084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35084" + }, + { + "name": "34955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34955" + }, + { + "name": "ADV-2009-1309", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1309" + }, + { + "name": "9006", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/9006" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1210.json b/2009/1xxx/CVE-2009-1210.json index ec20a0e17b4..410ad939ba7 100644 --- a/2009/1xxx/CVE-2009-1210.json +++ b/2009/1xxx/CVE-2009-1210.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090417 rPSA-2009-0062-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502745/100/0/threaded" - }, - { - "name" : "8308", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8308" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-02.html" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062" - }, - { - "name" : "DSA-1785", - "refsource" : 
"DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1785" - }, - { - "name" : "FEDORA-2009-3599", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html" - }, - { - "name" : "FEDORA-2009-5339", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html" - }, - { - "name" : "FEDORA-2009-5382", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html" - }, - { - "name" : "MDVSA-2009:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:088" - }, - { - "name" : "RHSA-2009:1100", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1100.html" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "34291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34291" - }, - { - "name" : "oval:org.mitre.oval:def:5976", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976" - }, - { - "name" : "oval:org.mitre.oval:def:9526", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526" - }, - { - "name" : "34542", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34542" - }, - { - "name" : "34778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34778" - }, - { - "name" : "34970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34970" - }, - { - "name" : "35133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35133" - }, - { - "name" : "35224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35224" - }, - { - "name" : "35416", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "35464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35464" - }, - { - "name" : "wireshark-pndcp-format-string(49512)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-02.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-02.html" + }, + { + "name": "FEDORA-2009-5382", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html" + }, + { + "name": "oval:org.mitre.oval:def:9526", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526" + }, + { + "name": "34291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34291" + }, + { + "name": "FEDORA-2009-5339", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html" + }, + { + "name": "35464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35464" + }, + { + "name": "RHSA-2009:1100", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1100.html" + }, + { + "name": "34778", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/34778" + }, + { + "name": "8308", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8308" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:5976", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976" + }, + { + "name": "20090417 rPSA-2009-0062-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502745/100/0/threaded" + }, + { + "name": "34970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34970" + }, + { + "name": "DSA-1785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1785" + }, + { + "name": "35133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35133" + }, + { + "name": "FEDORA-2009-3599", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html" + }, + { + "name": "wireshark-pndcp-format-string(49512)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49512" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "34542", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34542" + }, + { + "name": "MDVSA-2009:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:088" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0062", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0062" + }, + { + "name": "35224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35224" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/1xxx/CVE-2009-1631.json b/2009/1xxx/CVE-2009-1631.json index 14bcd0da094..0740110f8a8 100644 --- a/2009/1xxx/CVE-2009-1631.json +++ b/2009/1xxx/CVE-2009-1631.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090512 CVE Request (evolution)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/12/6" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=581604", - "refsource" : "MISC", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=581604" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=498648", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=498648" - }, - { - "name" : 
"34921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=498648", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=498648" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=581604", + "refsource": "MISC", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=581604" + }, + { + "name": "34921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34921" + }, + { + "name": "[oss-security] 20090512 CVE Request (evolution)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/12/6" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1655.json b/2009/1xxx/CVE-2009-1655.json index 9fe7e7df750..04b7a6f7b82 100644 --- a/2009/1xxx/CVE-2009-1655.json +++ b/2009/1xxx/CVE-2009-1655.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8690", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8690" - }, - { - "name" : "34975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34975" - }, - { - "name" : "54502", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54502" - }, - { - "name" : "35067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute 
arbitrary SQL commands via the (1) user name (userid parameter) and (2) password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34975" + }, + { + "name": "8690", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8690" + }, + { + "name": "35067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35067" + }, + { + "name": "54502", + "refsource": "OSVDB", + "url": "http://osvdb.org/54502" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4218.json b/2009/4xxx/CVE-2009-4218.json index b789c058c35..90a84d6070a 100644 --- a/2009/4xxx/CVE-2009-4218.json +++ b/2009/4xxx/CVE-2009-4218.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37045" - }, - { - "name" : "jiro-login-sql-injection(54382)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or 
(2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jiro-login-sql-injection(54382)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54382" + }, + { + "name": "37045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37045" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4838.json b/2009/4xxx/CVE-2009-4838.json index 240794933c7..254f7b1840f 100644 --- a/2009/4xxx/CVE-2009-4838.json +++ b/2009/4xxx/CVE-2009-4838.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://base.secureideas.net/news.php", - "refsource" : "CONFIRM", - "url" : "http://base.secureideas.net/news.php" - }, - { - "name" : "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_common.php?sortby=date&view", - "refsource" : "CONFIRM", - "url" : "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_common.php?sortby=date&view" - }, - { - "name" : "35222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_common.php?sortby=date&view", + "refsource": "CONFIRM", + "url": "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_common.php?sortby=date&view" + }, + { + "name": "35222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35222" + }, + { + "name": "http://base.secureideas.net/news.php", + "refsource": "CONFIRM", + "url": "http://base.secureideas.net/news.php" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2298.json b/2012/2xxx/CVE-2012-2298.json index 433e132f4ae..54fe3aa932a 100644 --- a/2012/2xxx/CVE-2012-2298.json +++ b/2012/2xxx/CVE-2012-2298.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120502 CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/1" - }, - { - "name" : "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/2" - }, - { - "name" : "http://drupal.org/node/1547660", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1547660" - }, - { - "name" : "http://drupal.org/node/1547352", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1547352" - }, - { - "name" : 
"http://drupalcode.org/project/realname.git/commitdiff/41786d0", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/realname.git/commitdiff/41786d0" - }, - { - "name" : "http://drupalcode.org/project/realname.git/commitdiff/b920794", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/realname.git/commitdiff/b920794" - }, - { - "name" : "53250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53250" - }, - { - "name" : "48936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48936" - }, - { - "name" : "realname-unspecified-xss(75181)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupalcode.org/project/realname.git/commitdiff/b920794", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/realname.git/commitdiff/b920794" + }, + { + "name": "http://drupal.org/node/1547660", + "refsource": "MISC", + "url": "http://drupal.org/node/1547660" + }, + { + "name": "48936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48936" + }, + { + "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2" + }, + { + "name": "53250", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/53250" + }, + { + "name": "realname-unspecified-xss(75181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181" + }, + { + "name": "http://drupal.org/node/1547352", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1547352" + }, + { + "name": "http://drupalcode.org/project/realname.git/commitdiff/41786d0", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0" + }, + { + "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2590.json b/2012/2xxx/CVE-2012-2590.json index 66c16a6f270..1a12d62323f 100644 --- a/2012/2xxx/CVE-2012-2590.json +++ b/2012/2xxx/CVE-2012-2590.json 
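Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other line is a whitespace normalisation or a reordering of `reference_data` entries, so the one provenance-relevant edit is easy to miss. The same pattern shows in the hunks for CVE-2012-2590 (`cert@cert.org`), CVE-2012-2641 (`vultures@jpcert.or.jp`) and the start of CVE-2012-2812 (`security@google.com`), whereas the 2009 records on this page keep `cve@mitre.org`. JSON has no comment syntax, so the change belongs in the commit message or in a separate commit carrying only the `"ASSIGNER": "..."` lines; consumers that attribute or filter records by assigner could then see it without reading through formatting churn. Whether the reassignment is intended cannot be confirmed from the diff itself.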
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV=\"Set-Cookie\" META element, or (4) an innerHTML attribute within an XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20350", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20350/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, 
(3) a crafted CONTENT attribute of an HTTP-EQUIV=\"Set-Cookie\" META element, or (4) an innerHTML attribute within an XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20350", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20350/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2641.json b/2012/2xxx/CVE-2012-2641.json index 776952919df..e516aee863c 100644 --- a/2012/2xxx/CVE-2012-2641.json +++ b/2012/2xxx/CVE-2012-2641.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-2641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zenphoto.org/news/zenphoto-1.4.3", - "refsource" : "CONFIRM", - "url" : "http://www.zenphoto.org/news/zenphoto-1.4.3" - }, - { - "name" : "JVN#59842447", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN59842447/index.html" - }, - { - "name" : "JVNDB-2012-000065", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified 
library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zenphoto.org/news/zenphoto-1.4.3", + "refsource": "CONFIRM", + "url": "http://www.zenphoto.org/news/zenphoto-1.4.3" + }, + { + "name": "JVNDB-2012-000065", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000065" + }, + { + "name": "JVN#59842447", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN59842447/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2812.json b/2012/2xxx/CVE-2012-2812.json index 1c9e84aabfe..e673c7aa00a 100644 --- a/2012/2xxx/CVE-2012-2812.json +++ b/2012/2xxx/CVE-2012-2812.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" - }, - { - "name" : "DSA-2559", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2559" - }, - { - "name" : "RHSA-2012:1255", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1255.html" - }, - { - "name" : "SUSE-SU-2012:0902", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:0903", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" - }, - { - "name" : "USN-1513-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1513-1" - }, - { - "name" : "54437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54437" - }, - { - "name" : "49988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54437" + }, + { + "name": "DSA-2559", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2559" + }, + { + "name": "SUSE-SU-2012:0903", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" + }, + { + "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" + }, + { + "name": "49988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49988" + }, + { + "name": "RHSA-2012:1255", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html" + }, + { + "name": "USN-1513-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1513-1" + }, + { + "name": "SUSE-SU-2012:0902", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3194.json b/2012/3xxx/CVE-2012-3194.json index e878ce34c06..ef4e5f9195c 100644 --- a/2012/3xxx/CVE-2012-3194.json +++ b/2012/3xxx/CVE-2012-3194.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown vectors related to Administration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "86391", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 
10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown vectors related to Administration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86391", + "refsource": "OSVDB", + "url": "http://osvdb.org/86391" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3329.json b/2012/3xxx/CVE-2012-3329.json index 28588cea258..5d40b52c887 100644 --- a/2012/3xxx/CVE-2012-3329.json +++ b/2012/3xxx/CVE-2012-3329.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090" - }, - { - "name" : "ibm-asu-symlink(78044)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to 
overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-asu-symlink(78044)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78044" + }, + { + "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3444.json b/2012/3xxx/CVE-2012-3444.json index fd023ab5c6d..0a7d9939ec4 100644 --- a/2012/3xxx/CVE-2012-3444.json +++ b/2012/3xxx/CVE-2012-3444.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/31/1" - }, - { - "name" : "[oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/31/2" - }, - { - "name" : "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/" - }, - { - "name" : "DSA-2529", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2529" - }, - { - "name" : "MDVSA-2012:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:143" - }, - { - "name" : "USN-1560-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1560-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/31/1" + }, + { + "name": "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/" + }, + { + "name": "MDVSA-2012:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:143" + }, + { + "name": "USN-1560-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1560-1" + }, + { + "name": "[oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/31/2" + }, + { + "name": "DSA-2529", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2529" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/3xxx/CVE-2012-3496.json b/2012/3xxx/CVE-2012-3496.json index c9cb587fc86..bdd46ee536a 100644 --- a/2012/3xxx/CVE-2012-3496.json +++ b/2012/3xxx/CVE-2012-3496.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-announce] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html" - }, - { - "name" : "[oss-security] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/05/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=854590", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=854590" - }, - { - "name" : 
"http://support.citrix.com/article/CTX134708", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX134708" - }, - { - "name" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-14_XENMEM_populate_physmap_DoS_vulnerability", - "refsource" : "CONFIRM", - "url" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-14_XENMEM_populate_physmap_DoS_vulnerability" - }, - { - "name" : "DSA-2544", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2544" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "GLSA-201604-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-03" - }, - { - "name" : "openSUSE-SU-2012:1172", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2012:1132", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html" - }, - { - "name" : "SUSE-SU-2012:1133", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html" - }, - { - "name" : "SUSE-SU-2012:1162", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html" - }, - { - "name" : "openSUSE-SU-2012:1572", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" - }, - { - "name" : "55412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55412" - }, - { - "name" : "85200", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/85200" - }, - { - "name" : "1027481", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1027481" - }, - { - "name" : "50472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50472" - }, - { - "name" : "50530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50530" - }, - { - "name" : "51413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51413" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - }, - { - "name" : "xen-xenmempopulatephysmap-dos(78267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "50530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50530" + }, + { + "name": "51413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51413" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=854590", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854590" + }, + { + "name": "1027481", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1027481" + }, + { + "name": "openSUSE-SU-2012:1572", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" + }, + { + "name": "50472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50472" + }, + { + "name": "xen-xenmempopulatephysmap-dos(78267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78267" + }, + { + "name": "[oss-security] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/05/7" + }, + { + "name": "[Xen-announce] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html" + }, + { + "name": "55412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55412" + }, + { + "name": "85200", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/85200" + }, + { + "name": "SUSE-SU-2012:1162", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html" + }, + { + "name": "openSUSE-SU-2012:1174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" + }, + { + "name": "GLSA-201604-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-03" + }, + { + "name": "SUSE-SU-2012:1132", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html" + }, + { + "name": "http://support.citrix.com/article/CTX134708", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX134708" + }, + { + "name": "SUSE-SU-2012:1133", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html" + }, + { + "name": "openSUSE-SU-2012:1573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" + }, + { + "name": "http://wiki.xen.org/wiki/Security_Announcements#XSA-14_XENMEM_populate_physmap_DoS_vulnerability", + "refsource": "CONFIRM", + "url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-14_XENMEM_populate_physmap_DoS_vulnerability" + }, + { + "name": "openSUSE-SU-2012:1172", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" + }, + { + "name": "DSA-2544", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2544" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6490.json b/2012/6xxx/CVE-2012-6490.json index 5300852d57b..ac413dd7830 100644 --- a/2012/6xxx/CVE-2012-6490.json +++ b/2012/6xxx/CVE-2012-6490.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6490", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6490", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6698.json b/2012/6xxx/CVE-2012-6698.json index f8a59dbe4fa..7e25c9e5559 100644 --- a/2012/6xxx/CVE-2012-6698.json +++ b/2012/6xxx/CVE-2012-6698.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/02/1" - }, - { - "name" : "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/03/1" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226" - }, - { - "name" : "https://launchpadlibrarian.net/228152582/dhcp.c.patch", - "refsource" : "CONFIRM", - "url" : "https://launchpadlibrarian.net/228152582/dhcp.c.patch" - }, - { - "name" : "DSA-3534", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226" + }, + { + "name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/02/1" + }, + { + "name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch", + "refsource": "CONFIRM", + "url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch" + }, + { + "name": "DSA-3534", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3534" + }, + { + "name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/03/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1953.json b/2015/1xxx/CVE-2015-1953.json index cc4220c28e1..f3cfa726846 100644 --- a/2015/1xxx/CVE-2015-1953.json +++ b/2015/1xxx/CVE-2015-1953.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-273", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-273" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398" - }, - { - "name" : "75456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75456" - }, - { - "name" : "1032773", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032773" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032773", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032773" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-273", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-273" + }, + { + "name": "75456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75456" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5056.json b/2015/5xxx/CVE-2015-5056.json index ed88ce8eead..61d581e333f 100644 --- a/2015/5xxx/CVE-2015-5056.json +++ b/2015/5xxx/CVE-2015-5056.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5479.json b/2015/5xxx/CVE-2015-5479.json index 361d984e035..32907abcc93 100644 --- a/2015/5xxx/CVE-2015-5479.json +++ b/2015/5xxx/CVE-2015-5479.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/" - }, - { - "name" : "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b", - "refsource" : "CONFIRM", - "url" : "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b" - }, - { - "name" : "https://libav.org/releases/libav-11.5.changelog", - "refsource" : "CONFIRM", - "url" : "https://libav.org/releases/libav-11.5.changelog" - }, - { - "name" : "openSUSE-SU-2016:1685", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html" - }, - { - "name" : "USN-2944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2944-1" - }, - { - "name" : "75932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:1685", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html" + }, + { + "name": "https://libav.org/releases/libav-11.5.changelog", + "refsource": "CONFIRM", + "url": "https://libav.org/releases/libav-11.5.changelog" + }, + { + "name": "USN-2944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2944-1" + }, + { + "name": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/" + }, + { + "name": "75932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75932" + }, + { + "name": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b", + "refsource": "CONFIRM", + "url": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5576.json b/2015/5xxx/CVE-2015-5576.json index 5e2d13d11cd..be7bb394a13 100644 --- a/2015/5xxx/CVE-2015-5576.json 
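Review bot: The rewritten file ends with `\ No newline at end of file`, whereas the old side closed with a newline-terminated `}`; the final `}` of this hunk should keep its trailing newline so that later edits and line-based tools do not show a spurious change on the last line. The same marker closes every other file section visible in this diff. The `reference_data` entries are also reordered here with no evident sort key, which makes it hard to confirm by eye that each reference survived unchanged. A stable order, for example by `refsource` and then `name`, would keep future diffs of these records reviewable.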
+++ b/2015/5xxx/CVE-2015-5576.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : 
"CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76802" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR 
SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "76802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76802" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + 
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5705.json b/2015/5xxx/CVE-2015-5705.json index 3947b1aaa9a..18fc5c1fc8d 100644 --- a/2015/5xxx/CVE-2015-5705.json +++ b/2015/5xxx/CVE-2015-5705.json 
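Review bot: `CVE_data_meta.ASSIGNER` changes from `cve@mitre.org` to `psirt@adobe.com` at the top of this hunk, while every other changed line is whitespace or reference reordering. ASSIGNER records which CNA owns the entry, so a provenance change is easy to miss inside a bulk reformat and is better made in its own commit, or at least called out in the commit message. The CVE-2015-5705 hunk does the same with `security@debian.org`. Both new values look plausible given the Adobe and Debian references in the two records, but that is only an inference from the visible references.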
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-5705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/01/7" - }, - { - "name" : "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1249645", - "refsource" : "CONFIRM", - 
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1249645" - }, - { - "name" : "FEDORA-2015-12699", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html" - }, - { - "name" : "FEDORA-2015-12716", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645" + }, + { + "name": "FEDORA-2015-12716", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260" + }, + { + "name": "FEDORA-2015-12699", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html" + }, + { + "name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2015/08/01/7" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2987.json b/2017/2xxx/CVE-2017-2987.json index 1218b523dab..78cca4c0acc 100644 --- a/2017/2xxx/CVE-2017-2987.json +++ b/2017/2xxx/CVE-2017-2987.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 24.0.0.194 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 24.0.0.194 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 24.0.0.194 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 24.0.0.194 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" - }, - { - "name" : "GLSA-201702-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-20" - }, - { - "name" : "RHSA-2017:0275", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0275.html" - }, - { - "name" : "96194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96194" - }, - { - "name" : "1037815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96194" + }, + { + "name": "GLSA-201702-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-20" + }, + { + "name": "RHSA-2017:0275", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" + }, + { + "name": "1037815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037815" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11024.json b/2018/11xxx/CVE-2018-11024.json index 4fd87e44737..66e3aab7163 100644 --- a/2018/11xxx/CVE-2018-11024.json +++ b/2018/11xxx/CVE-2018-11024.json 
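Review bot: In the `affects` block, `product_name` and `version_value` both hold the full sentence `Adobe Flash Player 24.0.0.194 and earlier.` while `vendor_name` is `n/a`, and the reformat carries this through unchanged. Tooling that matches on vendor, product and version to decide exposure cannot parse these fields, so the record is effectively invisible to automated matching. Suggested values are `"vendor_name": "Adobe"`, `"product_name": "Adobe Flash Player"` and `"version_value": "24.0.0.194 and earlier"`, subject to confirmation by the assigning CNA.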
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md", - "refsource" : "MISC", - "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md", + "refsource": "MISC", + "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11404.json b/2018/11xxx/CVE-2018-11404.json index 2f42e73419c..251a9db0a28 100644 --- a/2018/11xxx/CVE-2018-11404.json +++ b/2018/11xxx/CVE-2018-11404.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44783", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44783/" - }, - { - "name" : "https://github.com/domainmod/domainmod/issues/63", - "refsource" : "MISC", - "url" : "https://github.com/domainmod/domainmod/issues/63" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/domainmod/domainmod/issues/63", + "refsource": "MISC", + "url": "https://github.com/domainmod/domainmod/issues/63" + }, + { + "name": "44783", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44783/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11761.json b/2018/11xxx/CVE-2018-11761.json index a0672d01bb4..91e8d87fbaf 100644 --- a/2018/11xxx/CVE-2018-11761.json +++ b/2018/11xxx/CVE-2018-11761.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-09-19T00:00:00", - "ID" : "CVE-2018-11761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tika", - "version" : { - "version_data" : [ - { - "version_value" : "0.1 to 1.18" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service via XML Entity Expansion" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-09-19T00:00:00", + "ID": "CVE-2018-11761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tika", + "version": { + "version_data": [ + { + "version_value": "0.1 to 1.18" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E" - }, - { - "name" : "105514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service via XML Entity Expansion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105514" + }, + { + "name": "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14464.json b/2018/14xxx/CVE-2018-14464.json index 169193c0141..7412009fb88 100644 --- a/2018/14xxx/CVE-2018-14464.json +++ b/2018/14xxx/CVE-2018-14464.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14464", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14464", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15166.json b/2018/15xxx/CVE-2018-15166.json index 114056e9f96..1e9c5889b3b 100644 --- a/2018/15xxx/CVE-2018-15166.json +++ b/2018/15xxx/CVE-2018-15166.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15166", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15282.json b/2018/15xxx/CVE-2018-15282.json index 7a1c02e2936..e1109afa924 100644 --- a/2018/15xxx/CVE-2018-15282.json +++ b/2018/15xxx/CVE-2018-15282.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15282", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15282", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15356.json b/2018/15xxx/CVE-2018-15356.json index 9d2d9ec22e1..1b9b5eaa1de 100644 --- a/2018/15xxx/CVE-2018-15356.json +++ b/2018/15xxx/CVE-2018-15356.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vulnerability@kaspersky.com",
- "ID" : "CVE-2018-15356",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Eltex ESP-200",
- "version" : {
- "version_data" : [
- {
- "version_value" : "1.2.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Kaspersky Lab"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "An authenticated attacker can execute arbitrary code using command ejection"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "ID": "CVE-2018-15356",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Eltex ESP-200",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Kaspersky Lab"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/",
- "refsource" : "MISC",
- "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An authenticated attacker can execute arbitrary code using command ejection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/",
+ "refsource": "MISC",
+ "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15822.json b/2018/15xxx/CVE-2018-15822.json
index 45561e6f36e..988080ac97f 100644
--- a/2018/15xxx/CVE-2018-15822.json
+++ b/2018/15xxx/CVE-2018-15822.json
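Review bot: The `description` and `problemtype` values on the new side still say "command ejection", while the advisory URL in `reference_data` ends in `command-injection`; this looks like a typo carried through the reformat, and the text should read `command injection`. The `problemtype` entry also repeats the description instead of naming a weakness class, so consumers that group records by weakness get free text here; a CWE identifier such as `CWE-78` would fit if the advisory confirms OS command injection. `vendor_name` is `Kaspersky Lab` while the product is `Eltex ESP-200`, which presumably records the reporter rather than the product vendor and would defeat vendor-based matching.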
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15822",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15822",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10",
- "refsource" : "MISC",
- "url" : "https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10",
+ "refsource": "MISC",
+ "url": "https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3028.json b/2018/3xxx/CVE-2018-3028.json
index 6d912b2d22f..ada701f00b3 100644
--- a/2018/3xxx/CVE-2018-3028.json
+++ b/2018/3xxx/CVE-2018-3028.json
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Investor Servicing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.4" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.4" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "12.4.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104793" - }, - { - "name" : "1041307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. 
Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041307" + }, + { + "name": "104793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104793" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3066.json b/2018/3xxx/CVE-2018-3066.json index e8cd3a29569..fa5fb45373d 100644 --- a/2018/3xxx/CVE-2018-3066.json 
+++ b/2018/3xxx/CVE-2018-3066.json 
@@ -1,116 +1,116 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.60 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.6.40 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.22 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.60 and prior" + }, + { + "version_affected": "=", + "version_value": "5.6.40 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.22 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html" - }, - { - "name" : "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" - }, - { - "name" : "DSA-4341", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4341" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3725-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3725-1/" - }, - { - "name" : "USN-3725-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3725-2/" - }, - { - "name" : "104766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104766" - }, - { - "name" : 
"1041294", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data." 
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-4341",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4341"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
+ },
+ {
+ "name": "USN-3725-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3725-1/"
+ },
+ {
+ "name": "1041294",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041294"
+ },
+ {
+ "name": "RHSA-2018:3655",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3655"
+ },
+ {
+ "name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html"
+ },
+ {
+ "name": "USN-3725-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3725-2/"
+ },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
+ },
+ {
+ "name": "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html"
+ },
+ {
+ "name": "104766",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104766"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3076.json b/2018/3xxx/CVE-2018-3076.json
index f96f3bd7076..e91ee568862 100644
--- a/2018/3xxx/CVE-2018-3076.json
+++ b/2018/3xxx/CVE-2018-3076.json
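Review bot: Each `version_data` entry pairs `"version_affected": "="` with a range phrase such as `"version_value": "5.5.60 and prior"`, so a scanner that honours the operator looks for an exact match on a string that is not a version and reports earlier releases as unaffected. The range is better expressed in the operator, e.g. `"version_affected": "<="` with `"version_value": "5.5.60"`, and likewise for 5.6.40 and 5.7.22. Separately, the ten `reference_data` entries come back in a different order with no visible sort key; a stable order (by `refsource`, then `name`) would keep future diffs of this record reviewable.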
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2018-3076",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "PeopleSoft Enterprise CS Financial Aid",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "9.0"
- },
- {
- "version_affected" : "=",
- "version_value" : "9.2"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2018-3076",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PeopleSoft Enterprise CS Financial Aid",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "9.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "9.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
- },
- {
- "name" : "104830",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104830"
- },
- {
- "name" : "1041306",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041306"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
+ },
+ {
+ "name": "104830",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104830"
+ },
+ {
+ "name": "1041306",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041306"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3128.json b/2018/3xxx/CVE-2018-3128.json
index 161ee58f08d..2922977d107 100644
--- a/2018/3xxx/CVE-2018-3128.json
+++ b/2018/3xxx/CVE-2018-3128.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Reporting and Analytics", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.0" - }, - { - "version_affected" : "=", - "version_value" : "9.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.0" + }, + { + "version_affected": "=", + "version_value": "9.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105650" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8179.json b/2018/8xxx/CVE-2018-8179.json index 2ec1bf9842a..38b560d9e7f 100644 --- a/2018/8xxx/CVE-2018-8179.json +++ b/2018/8xxx/CVE-2018-8179.json 
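Review bot: `version_data` lists both `9.0` and `9.1` as affected, but the `description` value says "The supported version that is affected is 9.0", and the reformat carries the disagreement over unchanged. Consumers that match on the structured field and those that read the text will disagree about 9.1; one of the two should be corrected against the Oracle advisory listed in `reference_data`.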
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8179", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8179" - }, - { - "name" : "104077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104077" - }, - { - "name" : "1040844", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in 
memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104077" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8179", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8179" + }, + { + "name": "1040844", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040844" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8372.json b/2018/8xxx/CVE-2018-8372.json index 53e48fd3ae5..efba185641e 100644 --- a/2018/8xxx/CVE-2018-8372.json +++ b/2018/8xxx/CVE-2018-8372.json 
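Review bot: `ASSIGNER` changes from `Secure@Microsoft.com` to `secure@microsoft.com` in a commit that is otherwise a whitespace reformat, and the CVE-2018-8372 hunk that follows starts from the same mixed-case value. Consumers that key on the assigner string with a case-sensitive comparison will treat this as a new source, so the normalisation deserves its own mention in the commit description. The `version_value` entries under `Microsoft Edge` name Windows platforms rather than Edge versions, which presumably means affected-version matching cannot rely on this field for this record.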
@@ -1,173 +1,173 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - 
"version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + 
"version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372" - }, - { - "name" : "105038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105038" - }, - { - "name" : "1041457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105038" + }, + { + "name": "1041457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041457" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8579.json b/2018/8xxx/CVE-2018-8579.json index 0c781081036..651d2a030c5 100644 --- a/2018/8xxx/CVE-2018-8579.json +++ b/2018/8xxx/CVE-2018-8579.json 
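Review bot: The new side of CVE-2018-8372.json ends with `\ No newline at end of file`, while the old side ended with a newline; the hunks for CVE-2018-8579.json and CVE-2018-8792.json have the same marker. Restoring the final newline keeps the files friendly to line-based tools and avoids a spurious one-line diff the next time a tool rewrites them. The hunk is also not whitespace-only: `"ASSIGNER"` changes from `"Secure@Microsoft.com"` to `"secure@microsoft.com"` and the `reference_data` entries are reordered. A consumer that matches the assigner as an exact string, or treats the first reference as primary, would see a content change, so the commit message should say that values were normalised as well as reformatted.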
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2019 for 32-bit editions" - }, - { - "version_value" : "2019 for 64-bit editions" - } - ] - } - }, - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "365 ProPlus for 32-bit Systems" - }, - { - "version_value" : "365 ProPlus for 64-bit Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when attaching files to Outlook messages, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "365 ProPlus for 32-bit Systems" + }, + { + "version_value": "365 ProPlus for 64-bit Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579" - }, - { - "name" : "105828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105828" - }, - { - "name" : "1042132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when attaching files to Outlook messages, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105828" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579" + }, + { + "name": "1042132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042132" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8792.json b/2018/8xxx/CVE-2018-8792.json index 076c2228de6..39b6f674b0f 100644 --- a/2018/8xxx/CVE-2018-8792.json +++ b/2018/8xxx/CVE-2018-8792.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "DATE_PUBLIC" : "2019-02-05T00:00:00", - "ID" : "CVE-2018-8792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rdesktop", - "version" : { - "version_data" : [ - { - "version_value" : "All versions up to and including v1.8.3" - } - ] - } - } - ] - }, - "vendor_name" : "Check Point Software Technologies Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-126: Buffer Over-read" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "DATE_PUBLIC": "2019-02-05T00:00:00", + "ID": "CVE-2018-8792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "rdesktop", + "version": { + "version_data": [ + { + "version_value": "All versions up to and including v1.8.3" + } + ] + } + } + ] + }, + "vendor_name": "Check Point Software Technologies Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html" - }, - { - "name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", - "refsource" : "CONFIRM", - "url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" - }, - { - "name" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", - "refsource" : "MISC", - "url" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" - }, - { - "name" : "DSA-4394", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4394" - }, - { - "name" : "GLSA-201903-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-06" - }, - { - "name" : "106938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-126: Buffer Over-read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106938" + }, + { + "name": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", + "refsource": "MISC", + "url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" + }, + { + "name": "GLSA-201903-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-06" + }, + { + "name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", + "refsource": "CONFIRM", + "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" + }, + { + "name": "DSA-4394", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4394" + }, + { + "name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html" + } + ] + } +} \ No newline at end of file
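Review bot: In the CVE-2018-8792 record, `"vendor_name": "Check Point Software Technologies Ltd."` sits next to `"product_name": "rdesktop"`, which looks like the reporting CNA (the `ASSIGNER` is `cve@checkpoint.com`) was recorded as the product's vendor. The MISC reference points at `github.com/rdesktop/rdesktop`, so the affected code appears to belong to that project rather than to Check Point. Inventory or scanner matching keyed on vendor and product could miss rdesktop installs or attribute the flaw to Check Point products. If the project is the intended vendor, something like `"vendor_name": "rdesktop"` would be consistent with the rest of the record, which is worth confirming with the CNA since this reformat carries the value over unchanged.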