diff --git a/2002/0xxx/CVE-2002-0295.json b/2002/0xxx/CVE-2002-0295.json index 47eb03860f3..a1112be988f 100644 --- a/2002/0xxx/CVE-2002-0295.json +++ b/2002/0xxx/CVE-2002-0295.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020219 Security BugWare : Alcatel 4400 PBX hack", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101413767925869&w=2" - }, - { - "name" : "4133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020219 Security BugWare : Alcatel 4400 PBX hack", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101413767925869&w=2" + }, + { + "name": "4133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4133" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0307.json b/2002/0xxx/CVE-2002-0307.json index 5cb76bc970f..6c5b141f0ac 100644 --- a/2002/0xxx/CVE-2002-0307.json +++ b/2002/0xxx/CVE-2002-0307.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020221 \"Cthulhu xhAze\" - Command execution in Ans.pl", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101430868616112&w=2" - }, - { - "name" : "4147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4147" + }, + { + "name": "20020221 \"Cthulhu xhAze\" - Command execution in Ans.pl", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101430868616112&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0314.json b/2002/0xxx/CVE-2002-0314.json index fd84f6d1c1a..ad6baf534d0 100644 --- a/2002/0xxx/CVE-2002-0314.json +++ b/2002/0xxx/CVE-2002-0314.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101441689224760&w=2" - }, - { - "name" : "4122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4122" - }, - { - "name" : "fasttrack-message-service-dos(8273)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8273.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101441689224760&w=2" + }, + { + "name": "fasttrack-message-service-dos(8273)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8273.php" + }, + { + "name": "4122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4122" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0509.json b/2002/0xxx/CVE-2002-0509.json index ba7e877e663..5dc352ad6da 100644 --- a/2002/0xxx/CVE-2002-0509.json +++ b/2002/0xxx/CVE-2002-0509.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020328 Oracle9i TSN DoS Attack", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/264697" - }, - { - "name" : "4391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4391" - }, - { - "name" : "oracle-tns-onetcp-dos(8657)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8657.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4391" + }, + { + "name": "oracle-tns-onetcp-dos(8657)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8657.php" + }, + { + "name": "20020328 Oracle9i TSN DoS Attack", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/264697" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0681.json b/2002/0xxx/CVE-2002-0681.json index a5ba2a8485b..45cc1333624 100644 --- a/2002/0xxx/CVE-2002-0681.json +++ b/2002/0xxx/CVE-2002-0681.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a \"404 not found\" message, which does not quote the script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102631742711795&w=2" - }, - { - "name" : "20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html" - }, - { - "name" : "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539", - "refsource" : "CONFIRM", - "url" : "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539" - }, - { - "name" : "81099", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81099" - }, - { - "name" : "goahead-error-msg-xss(9518)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9518.php" - }, - { - "name" : "5198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a \"404 not found\" message, which does not quote the script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5198" + }, + { + "name": "81099", + "refsource": "OSVDB", + "url": "http://osvdb.org/81099" + }, + { + "name": "20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html" + }, + { + "name": "goahead-error-msg-xss(9518)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9518.php" + }, + { + "name": "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539", + "refsource": "CONFIRM", + "url": "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539" + }, + { + "name": "20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102631742711795&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2282.json b/2002/2xxx/CVE-2002-2282.json index 54d18390c06..dc07241effc 100644 --- a/2002/2xxx/CVE-2002-2282.json +++ b/2002/2xxx/CVE-2002-2282.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021129 Potential Vuln in McAfee VirusScan 451", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html" - }, - { - "name" : "6288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6288" - }, - { - "name" : "virusscan-webscanx-dll-execution(10741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021129 Potential Vuln in McAfee VirusScan 451", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html" + }, + { + "name": "virusscan-webscanx-dll-execution(10741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10741" + }, + { + "name": "6288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6288" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0044.json b/2005/0xxx/CVE-2005-0044.json index bc7ca925fc4..329d59fc817 100644 --- a/2005/0xxx/CVE-2005-0044.json +++ b/2005/0xxx/CVE-2005-0044.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the \"Input Validation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS05-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012" - }, - { - "name" : "TA05-039A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" - }, - { - "name" : "VU#927889", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/927889" - }, - { - "name" : "oval:org.mitre.oval:def:1180", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1180" - }, - { - "name" : "oval:org.mitre.oval:def:2917", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2917" - }, - { - "name" : "oval:org.mitre.oval:def:3568", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3568" - }, - { - "name" : "oval:org.mitre.oval:def:4499", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4499" - }, - { - "name" : "win-ole-code-execution(19109)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the \"Input Validation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:2917", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2917" + }, + { + "name": "win-ole-code-execution(19109)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19109" + }, + { + "name": "oval:org.mitre.oval:def:1180", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1180" + }, + { + "name": "VU#927889", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/927889" + }, + { + "name": "TA05-039A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" + }, + { + "name": "oval:org.mitre.oval:def:3568", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3568" + }, + { + "name": "MS05-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012" + }, + { + "name": "oval:org.mitre.oval:def:4499", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4499" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0548.json b/2005/0xxx/CVE-2005-0548.json index 83cc63daeee..5cd93337c74 100644 --- a/2005/0xxx/CVE-2005-0548.json +++ b/2005/0xxx/CVE-2005-0548.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050328 Multiple XSS issues in Sun AnswerBook2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111205163531628&w=2" - }, - { - "name" : "57737", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57737-1" - }, - { - "name" : "1000230", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000230.1-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050328 Multiple XSS issues in Sun AnswerBook2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111205163531628&w=2" + }, + { + "name": "1000230", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000230.1-1" + }, + { + "name": "57737", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57737-1" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0891.json b/2005/0xxx/CVE-2005-0891.json index db2cd764989..585a7fff648 100644 --- a/2005/0xxx/CVE-2005-0891.json +++ b/2005/0xxx/CVE-2005-0891.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLSA-2005:958", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000958" - }, - { - "name" : "FLSA-2005:155510", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/419771/100/0/threaded" - }, - { - "name" : "MDKSA-2005:214", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214" - }, - { - "name" : "RHSA-2005:344", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-344.html" - }, - { - "name" : "RHSA-2005:343", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-343.html" - }, - { - "name" : "12950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12950" - }, - { - "name" : "oval:org.mitre.oval:def:9710", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9710" - }, - { - "name" : "17657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12950" + }, + { + "name": "CLSA-2005:958", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000958" + }, + { + "name": "RHSA-2005:343", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-343.html" + }, + { + "name": "MDKSA-2005:214", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214" + }, + { + "name": "FLSA-2005:155510", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/419771/100/0/threaded" + }, + { + "name": "RHSA-2005:344", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-344.html" + }, + { + "name": "oval:org.mitre.oval:def:9710", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9710" + }, + { + "name": "17657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17657" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0990.json b/2005/0xxx/CVE-2005-0990.json index 84a795b8cab..1fd5bdc1c89 100644 --- a/2005/0xxx/CVE-2005-0990.json +++ b/2005/0xxx/CVE-2005-0990.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2005:377", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-377.html" - }, - { - "name" : "USN-104-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/104-1/" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412" - }, - { - "name" : "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459", - "refsource" : "MISC", - "url" : "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459" - }, - { - "name" : "12981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12981" - }, - { - "name" : "oval:org.mitre.oval:def:9613", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613" - }, - { - "name" : "sharutils-temp-file-symlink(19957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:9613", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9613" + }, + { + "name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459", + "refsource": "MISC", + "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=8459" + }, + { + "name": "sharutils-temp-file-symlink(19957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19957" + }, + { + "name": "12981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12981" + }, + { + "name": "USN-104-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/104-1/" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412" + }, + { + "name": "RHSA-2005:377", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1354.json b/2005/1xxx/CVE-2005-1354.json index 4b6ca1b4b84..1dbafefa38f 100644 --- a/2005/1xxx/CVE-2005-1354.json +++ b/2005/1xxx/CVE-2005-1354.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The forum.pl script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050424 remote command execution in forum.pl script", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111446056205059&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The forum.pl script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050424 remote command execution in forum.pl script", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111446056205059&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1427.json b/2005/1xxx/CVE-2005-1427.json index 8e936a49a91..501e3ca1848 100644 --- a/2005/1xxx/CVE-2005-1427.json +++ b/2005/1xxx/CVE-2005-1427.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15994", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15994" - }, - { - "name" : "1013830", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013830" - }, - { - "name" : "uapplication-information-disclosure(20314)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "uapplication-information-disclosure(20314)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20314" + }, + { + "name": "1013830", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013830" + }, + { + "name": "15994", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15994" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0384.json b/2009/0xxx/CVE-2009-0384.json index 7613193adfd..99692c4530a 100644 --- a/2009/0xxx/CVE-2009-0384.json +++ b/2009/0xxx/CVE-2009-0384.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7849", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7849", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7849" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0578.json b/2009/0xxx/CVE-2009-0578.json index fa3da6e9317..24357ae2385 100644 --- a/2009/0xxx/CVE-2009-0578.json +++ b/2009/0xxx/CVE-2009-0578.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487752", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487752" - }, - { - "name" : "RHSA-2009:0361", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0361.html" - }, - { - "name" : "SUSE-SA:2009:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html" - }, - { - "name" : "SUSE-SR:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" - }, - { - "name" : "USN-727-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-727-1" - }, - { - "name" : "33966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33966" - }, - { - "name" : "oval:org.mitre.oval:def:8931", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8931" - }, - { - "name" : "1021909", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021909" - }, - { - "name" : "34473", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34473" - }, - { - "name" : "34067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34067" - }, - { - "name" : "networkmanager-dbus-security-bypass(49063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-727-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-727-1" + }, + { + "name": "oval:org.mitre.oval:def:8931", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8931" + }, + { + "name": "33966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33966" + }, + { + "name": "networkmanager-dbus-security-bypass(49063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49063" + }, + { + "name": "34067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34067" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487752", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487752" + }, + { + "name": "1021909", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021909" + }, + { + "name": "SUSE-SR:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" + }, + { + "name": "SUSE-SA:2009:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html" + }, + { + "name": "RHSA-2009:0361", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0361.html" + }, + { + "name": "34473", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34473" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0599.json b/2009/0xxx/CVE-2009-0599.json index f9c4b68a034..f354857d183 100644 --- a/2009/0xxx/CVE-2009-0599.json +++ b/2009/0xxx/CVE-2009-0599.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090312 rPSA-2009-0040-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501763/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-01.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0040", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0040" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2984", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2984" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm" - }, - { - "name" : "FEDORA-2009-1877", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00652.html" - }, - { - "name" : "RHSA-2009:0313", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0313.html" - }, - { - "name" : "SUSE-SR:2009:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html" - }, - { - "name" : "33690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33690" - }, - { - "name" : "oval:org.mitre.oval:def:9677", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9677" - }, - { - "name" : "oval:org.mitre.oval:def:14732", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14732" - }, - { - "name" : "34264", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34264" - }, - { - "name" : "34344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34344" - }, - { - "name" : "34144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34144" - }, - { - "name" : "ADV-2009-0370", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0370" - }, - { - "name" : "51815", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51815" - }, - { - "name" : "1021697", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021697" - }, - { - "name" : "33872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm" + }, + { + "name": "34344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34344" + }, + { + "name": "33872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33872" + }, + { + "name": "20090312 rPSA-2009-0040-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501763/100/0/threaded" + }, + { + "name": "34144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34144" + }, + { + "name": "33690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33690" + }, + { + "name": "oval:org.mitre.oval:def:9677", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9677" + }, + { + "name": "SUSE-SR:2009:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html" + }, + { + "name": "1021697", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021697" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2984", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2984" + }, + { + "name": "51815", + "refsource": "OSVDB", + "url": "http://osvdb.org/51815" + }, + { + "name": "FEDORA-2009-1877", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00652.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2590" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0040", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0040" + }, + { + "name": "RHSA-2009:0313", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0313.html" + }, + { + "name": "ADV-2009-0370", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0370" + }, + { + "name": "oval:org.mitre.oval:def:14732", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14732" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-01.html" + }, + { + "name": "34264", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34264" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0602.json b/2009/0xxx/CVE-2009-0602.json index 49aeee7719c..63f5ac93d0a 100644 --- a/2009/0xxx/CVE-2009-0602.json +++ b/2009/0xxx/CVE-2009-0602.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7998", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7998" - }, - { - "name" : "33647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33647" - }, - { - "name" : "wikkitikkitavi-upload-file-upload(48571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33647" + }, + { + "name": "7998", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7998" + }, + { + "name": "wikkitikkitavi-upload-file-upload(48571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48571" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0899.json b/2009/0xxx/CVE-2009-0899.json index e440599f72d..4ee2bbf6c1d 100644 --- a/2009/0xxx/CVE-2009-0899.json +++ b/2009/0xxx/CVE-2009-0899.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21375859", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21375859" - }, - { - "name" : "PK78134", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134" - }, - { - "name" : "35406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35406" - }, - { - "name" : "websphere-issecurityenabled-info-disclosure(50882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35406" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21375859", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375859" + }, + { + "name": "websphere-issecurityenabled-info-disclosure(50882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50882" + }, + { + "name": "PK78134", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1302.json b/2009/1xxx/CVE-2009-1302.json index 18367cb6abb..098e4bcac0d 100644 --- a/2009/1xxx/CVE-2009-1302.json +++ b/2009/1xxx/CVE-2009-1302.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-14.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=428113", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=428113" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=431260", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=431260" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=432114", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=432114" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=454276", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=454276" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=461053", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=461053" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=462517", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=462517" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=467881", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=467881" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=477775", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=477775" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=483444", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=483444" - }, - { - "name" : "DSA-1797", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1797" - }, - { - "name" : "DSA-1830", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1830" - }, - { - "name" : "FEDORA-2009-3875", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html" - }, - { - "name" : "MDVSA-2009:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111" - }, - { - "name" : "MDVSA-2009:141", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" - }, - { - "name" : "RHSA-2009:0436", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0436.html" - }, - { - "name" : "SSA:2009-178-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275" - }, - { - "name" : "264308", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "USN-764-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/764-1/" - }, - { - "name" : "34656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34656" - }, - { - "name" : "oval:org.mitre.oval:def:10106", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10106" - }, - { - "name" : "oval:org.mitre.oval:def:5527", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5527" - }, - { - "name" : "oval:org.mitre.oval:def:6070", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6070" - }, - { - "name" : "oval:org.mitre.oval:def:6170", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6170" - }, - { - "name" : "oval:org.mitre.oval:def:7030", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7030" - }, - { - "name" : "1022090", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022090" - }, - { - "name" : "34758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34758" - }, - { - "name" : "34894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34894" - }, - { - "name" : "34843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34843" - }, - { - "name" : "34780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34780" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "35042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35042" - }, - { - "name" : "35602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35602" - }, - { - "name" : "ADV-2009-1125", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111" + }, + { + "name": "FEDORA-2009-3875", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html" + }, + { + "name": "34894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34894" + }, + { + "name": "ADV-2009-1125", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1125" + }, + { + "name": "SSA:2009-178-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275" + }, + { + "name": "DSA-1830", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1830" + }, + { + "name": "34758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34758" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=461053", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=461053" + }, + { + "name": "35602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35602" + }, + { + "name": "oval:org.mitre.oval:def:5527", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5527" + }, + { + "name": "oval:org.mitre.oval:def:6070", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6070" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=454276", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=454276" + }, + { + "name": "oval:org.mitre.oval:def:10106", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10106" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=483444", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=483444" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=432114", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=432114" + }, + { + "name": "oval:org.mitre.oval:def:6170", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6170" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=477775", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=477775" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=431260", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=431260" + }, + { + "name": "USN-764-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/764-1/" + }, + { + "name": "MDVSA-2009:141", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "35042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35042" + }, + { + "name": "34656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34656" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=467881", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=467881" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=462517", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=462517" + }, + { + "name": "oval:org.mitre.oval:def:7030", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7030" + }, + { + "name": "34843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34843" + }, + { + "name": "DSA-1797", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1797" + }, + { + "name": "RHSA-2009:0436", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html" + }, + { + "name": "34780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34780" + }, + { + "name": "264308", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=428113", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=428113" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-14.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-14.html" + }, + { + "name": "1022090", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022090" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1627.json b/2009/1xxx/CVE-2009-1627.json index 9f2f6464beb..c6a05cbc424 100644 --- a/2009/1xxx/CVE-2009-1627.json +++ b/2009/1xxx/CVE-2009-1627.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8531", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8531" - }, - { - "name" : "8536", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8536" - }, - { - "name" : "34712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34712" - }, - { - "name" : "54090", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54090" - }, - { - "name" : "34883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34883" - }, - { - "name" : "ADV-2009-1171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8531", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8531" + }, + { + "name": "34712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34712" + }, + { + "name": "8536", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8536" + }, + { + "name": "54090", + "refsource": "OSVDB", + "url": "http://osvdb.org/54090" + }, + { + "name": "34883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34883" + }, + { + "name": "ADV-2009-1171", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1171" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5099.json b/2009/5xxx/CVE-2009-5099.json index 48c591f9d68..87ce3a4f6a9 100644 --- a/2009/5xxx/CVE-2009-5099.json +++ b/2009/5xxx/CVE-2009-5099.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091013 [AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507168/100/0/threaded" - }, - { - "name" : "http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/" - }, - { - "name" : "http://jira.pentaho.com/browse/BISERVER-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel", - "refsource" : "CONFIRM", - "url" : "http://jira.pentaho.com/browse/BISERVER-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel" - }, - { - "name" : "37024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37024" - }, - { - "name" : "ADV-2009-2972", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37024" + }, + { + "name": "http://jira.pentaho.com/browse/BISERVER-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel", + "refsource": "CONFIRM", + "url": "http://jira.pentaho.com/browse/BISERVER-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel" + }, + { + "name": "http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/" + }, + { + "name": "20091013 [AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507168/100/0/threaded" + }, + { + "name": "ADV-2009-2972", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2972" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2092.json b/2012/2xxx/CVE-2012-2092.json index a9ef7f203fe..5576f0e99cc 100644 --- a/2012/2xxx/CVE-2012-2092.json +++ b/2012/2xxx/CVE-2012-2092.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2092", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2092", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2139.json b/2012/2xxx/CVE-2012-2139.json index 36e4e069c85..470af2fb9b7 100644 --- a/2012/2xxx/CVE-2012-2139.json +++ b/2012/2xxx/CVE-2012-2139.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120425 CVE request: two flaws fixed in rubygem-mail 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/25/8" - }, - { - "name" : "[oss-security] 20120425 Re: CVE request: two flaws fixed in rubygem-mail 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/26/1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=759092", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=759092" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=816352", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=816352" - }, - { - "name" : "https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f", - "refsource" : "CONFIRM", - "url" : "https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f" - }, - { - "name" : "FEDORA-2012-7535", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html" - }, - { - "name" : "FEDORA-2012-7619", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html" - }, - { - "name" : "FEDORA-2012-7692", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html" - }, - { - "name" : "48970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=816352", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=816352" + }, + { + "name": "FEDORA-2012-7535", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html" + }, + { + "name": "[oss-security] 20120425 CVE request: two flaws fixed in rubygem-mail 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/25/8" + }, + { + "name": "FEDORA-2012-7692", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=759092", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=759092" + }, + { + "name": "48970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48970" + }, + { + "name": "https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f", + "refsource": "CONFIRM", + "url": "https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f" + }, + { + "name": "FEDORA-2012-7619", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html" + }, + { + "name": "[oss-security] 20120425 Re: CVE request: two flaws fixed in rubygem-mail 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/26/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3066.json b/2012/3xxx/CVE-2012-3066.json index c83f51a466b..fbbe18255b6 100644 --- a/2012/3xxx/CVE-2012-3066.json +++ b/2012/3xxx/CVE-2012-3066.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3066", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3066", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3278.json b/2012/3xxx/CVE-2012-3278.json index af82b8b9d69..00e25382c99 100644 --- a/2012/3xxx/CVE-2012-3278.json +++ b/2012/3xxx/CVE-2012-3278.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in magentservice.exe in HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21 allows remote attackers to execute arbitrary code via a malformed message packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-12-162/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-12-162/" - }, - { - "name" : "HPSBMU02841", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03645497" - }, - { - "name" : "SSRT100724", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03645497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in magentservice.exe in HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21 allows remote attackers to execute arbitrary code via a malformed message packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100724", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03645497" + }, + { + "name": "HPSBMU02841", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03645497" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-12-162/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-162/" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3616.json b/2012/3xxx/CVE-2012-3616.json index d7052be3a32..437bc9faf80 100644 --- a/2012/3xxx/CVE-2012-3616.json +++ b/2012/3xxx/CVE-2012-3616.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85409", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85409" - }, - { - "name" : "oval:org.mitre.oval:def:17199", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17199" - }, - { - "name" : "apple-itunes-webkit-cve20123616(78532)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "85409", + "refsource": "OSVDB", + "url": "http://osvdb.org/85409" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "apple-itunes-webkit-cve20123616(78532)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78532" + }, + { + "name": "oval:org.mitre.oval:def:17199", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17199" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3625.json b/2012/3xxx/CVE-2012-3625.json index ffbe7f71a2c..4e75b94a9be 100644 --- a/2012/3xxx/CVE-2012-3625.json +++ b/2012/3xxx/CVE-2012-3625.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3746.json b/2012/3xxx/CVE-2012-3746.json index 55bb9dfacb2..d943921ab80 100644 --- a/2012/3xxx/CVE-2012-3746.json +++ b/2012/3xxx/CVE-2012-3746.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "85633", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85633" - }, - { - "name" : "apple-ios-uikit-cve20123746(78706)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "85633", + "refsource": "OSVDB", + "url": "http://osvdb.org/85633" + }, + { + "name": "apple-ios-uikit-cve20123746(78706)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78706" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4216.json b/2012/4xxx/CVE-2012-4216.json index 2a9a0e4b164..87a998b7a00 100644 --- a/2012/4xxx/CVE-2012-4216.json +++ b/2012/4xxx/CVE-2012-4216.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798853", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798853" - }, - { - "name" : "DSA-2583", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2583" - }, - { - "name" : "DSA-2584", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2584" - }, - { - "name" : "DSA-2588", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2588" - }, - { - "name" : "MDVSA-2012:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" - }, - { - "name" : "RHSA-2012:1482", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1482.html" - }, - { - "name" : "RHSA-2012:1483", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1483.html" - }, - { - "name" : "openSUSE-SU-2012:1583", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" - }, - { - "name" : "openSUSE-SU-2012:1585", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" - }, - { - "name" : "openSUSE-SU-2012:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" - }, - { - "name" : "SUSE-SU-2012:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" - }, - { - "name" : "openSUSE-SU-2013:0175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" - }, - { - "name" : "USN-1638-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-1" - }, - { - "name" : "USN-1638-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-3" - }, - { - "name" : "USN-1638-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-2" - }, - { - "name" : "USN-1636-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1636-1" - }, - { - "name" : "56634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56634" - }, - { - "name" : "87609", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87609" - }, - { - "name" : "oval:org.mitre.oval:def:16902", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16902" - }, - { - "name" : "51359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51359" - }, - { - "name" : "51360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51360" - }, - { - "name" : "51369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51369" - }, - { - "name" : "51381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51381" - }, - { - "name" : "51434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51434" - }, - { - "name" : "51439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51439" - }, - { - "name" : "51440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51440" - }, - { - "name" : "51370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51370" - }, - { - "name" : "firefox-getfontentry-code-exec(80189)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "firefox-getfontentry-code-exec(80189)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80189" + }, + { + "name": "USN-1638-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-3" + }, + { + "name": "51370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51370" + }, + { + "name": "USN-1638-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-2" + }, + { + "name": "openSUSE-SU-2012:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" + }, + { + "name": "87609", + "refsource": "OSVDB", + "url": "http://osvdb.org/87609" + }, + { + "name": "USN-1636-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1636-1" + }, + { + "name": "openSUSE-SU-2013:0175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" + }, + { + "name": "RHSA-2012:1483", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" + }, + { + "name": "56634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56634" + }, + { + "name": "DSA-2584", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2584" + }, + { + "name": "RHSA-2012:1482", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" + }, + { + "name": "51434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51434" + }, + { + "name": "openSUSE-SU-2012:1583", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" + }, + { + "name": "51439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51439" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=798853", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=798853" + }, + { + "name": "51440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51440" + }, + { + "name": "USN-1638-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-1" + }, + { + "name": "SUSE-SU-2012:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" + }, + { + "name": "51359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51359" + }, + { + "name": "MDVSA-2012:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" + }, + { + "name": "openSUSE-SU-2012:1585", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" + }, + { + "name": "51381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51381" + }, + { + "name": "oval:org.mitre.oval:def:16902", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16902" + }, + { + "name": "DSA-2583", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2583" + }, + { + "name": "51369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51369" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" + }, + { + "name": "51360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51360" + }, + { + "name": "DSA-2588", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2588" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4315.json b/2012/4xxx/CVE-2012-4315.json index 081ded61728..61ead28276e 100644 --- a/2012/4xxx/CVE-2012-4315.json +++ b/2012/4xxx/CVE-2012-4315.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4315", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4315", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4578.json b/2012/4xxx/CVE-2012-4578.json index de23fce11df..9de32306ef5 100644 --- a/2012/4xxx/CVE-2012-4578.json +++ b/2012/4xxx/CVE-2012-4578.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[freebsd-security] 20120820 [HEADSUP] geli(4) weak master key generation on -CURRENT", - "refsource" : "MLIST", - "url" : "http://lists.freebsd.org/pipermail/freebsd-security/2012-August/006541.html" - }, - { - "name" : "freebsd-geli-weak-security(78057)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freebsd-geli-weak-security(78057)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78057" + }, + { + "name": "[freebsd-security] 20120820 [HEADSUP] geli(4) weak master key generation on -CURRENT", + "refsource": "MLIST", + "url": "http://lists.freebsd.org/pipermail/freebsd-security/2012-August/006541.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4949.json b/2012/4xxx/CVE-2012-4949.json index e2369ef5f61..2fa383f56a2 100644 --- a/2012/4xxx/CVE-2012-4949.json +++ b/2012/4xxx/CVE-2012-4949.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#795644", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/795644" - }, - { - "name" : "esriarcgis-where-sql-injection(79977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "esriarcgis-where-sql-injection(79977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79977" + }, + { + "name": "VU#795644", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/795644" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6016.json b/2012/6xxx/CVE-2012-6016.json index 871d013d41b..0216013f913 100644 --- a/2012/6xxx/CVE-2012-6016.json +++ b/2012/6xxx/CVE-2012-6016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5253.json b/2015/5xxx/CVE-2015-5253.json index c4d0acfcaea..56e963cf9eb 100644 --- a/2015/5xxx/CVE-2015-5253.json +++ b/2015/5xxx/CVE-2015-5253.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a \"wrapping attack.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151114 New security advisory for Apache CXF", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/14/1" - }, - { - "name" : "http://cxf.apache.org/security-advisories.data/CVE-2015-5253.txt.asc", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/security-advisories.data/CVE-2015-5253.txt.asc" - }, - { - "name" : "https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commitdiff;h=845eccb6484b43ba02875c71e824db23ae4f20c0", - "refsource" : "CONFIRM", - "url" : "https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commitdiff;h=845eccb6484b43ba02875c71e824db23ae4f20c0" - }, - { - "name" : "RHSA-2016:0321", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0321.html" - }, - { - "name" : "1034162", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a \"wrapping attack.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cxf.apache.org/security-advisories.data/CVE-2015-5253.txt.asc", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2015-5253.txt.asc" + }, + { + "name": "https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commitdiff;h=845eccb6484b43ba02875c71e824db23ae4f20c0", + "refsource": "CONFIRM", + "url": "https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commitdiff;h=845eccb6484b43ba02875c71e824db23ae4f20c0" + }, + { + "name": "1034162", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034162" + }, + { + "name": "RHSA-2016:0321", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0321.html" + }, + { + "name": "[oss-security] 20151114 New security advisory for Apache CXF", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/14/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5412.json b/2015/5xxx/CVE-2015-5412.json index 698408e9e5a..d6eebbdf798 100644 --- a/2015/5xxx/CVE-2015-5412.json +++ b/2015/5xxx/CVE-2015-5412.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115" - }, - { - "name" : "1033378", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033378", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033378" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5614.json b/2015/5xxx/CVE-2015-5614.json index 84ccd492bda..0b71e8d6e56 100644 --- a/2015/5xxx/CVE-2015-5614.json +++ b/2015/5xxx/CVE-2015-5614.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5614", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5614", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2207.json b/2017/2xxx/CVE-2017-2207.json index 0f4ca67e551..c60b136abfb 100644 --- a/2017/2xxx/CVE-2017-2207.json +++ b/2017/2xxx/CVE-2017-2207.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installer of SaAT Personal", - "version" : { - "version_data" : [ - { - "version_value" : "ver.1.0.10.272 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NetMove Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of SaAT Personal", + "version": { + "version_data": [ + { + "version_value": "ver.1.0.10.272 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NetMove Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.saat.jp/information/personal/2017/0531_security_update_info.php", - "refsource" : "CONFIRM", - "url" : "https://www.saat.jp/information/personal/2017/0531_security_update_info.php" - }, - { - "name" : "JVN#08020381", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN08020381/index.html" - }, - { - "name" : "98809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#08020381", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN08020381/index.html" + }, + { + "name": "98809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98809" + }, + { + "name": "https://www.saat.jp/information/personal/2017/0531_security_update_info.php", + "refsource": "CONFIRM", + "url": "https://www.saat.jp/information/personal/2017/0531_security_update_info.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2637.json b/2017/2xxx/CVE-2017-2637.json index 63284edb9d5..e12f7149d56 100644 --- a/2017/2xxx/CVE-2017-2637.json +++ b/2017/2xxx/CVE-2017-2637.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2017-2637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rhosp-director", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "9.9/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "rhosp-director", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://access.redhat.com/solutions/3022771", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/solutions/3022771" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637" - }, - { - "name" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0007", - "refsource" : "CONFIRM", - "url" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0007" - }, - { - "name" : "RHSA-2017:1242", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1242" - }, - { - "name" : "RHSA-2017:1504", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1504" - }, - { - "name" : "RHSA-2017:1537", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1537" - }, - { - "name" : "RHSA-2017:1546", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1546" - }, - { - "name" : "98576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "9.9/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1546", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1546" + }, + { + "name": "RHSA-2017:1537", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1537" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637" + }, + { + "name": "98576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98576" + }, + { + "name": "https://wiki.openstack.org/wiki/OSSN/OSSN-0007", + "refsource": "CONFIRM", + "url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0007" + }, + { + "name": "https://access.redhat.com/solutions/3022771", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/solutions/3022771" + }, + { + "name": "RHSA-2017:1242", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1242" + }, + { + "name": "RHSA-2017:1504", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1504" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2742.json b/2017/2xxx/CVE-2017-2742.json index 9702230504b..d3d3604aeb2 100644 --- a/2017/2xxx/CVE-2017-2742.json +++ b/2017/2xxx/CVE-2017-2742.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "hp-security-alert@hp.com", - "DATE_PUBLIC" : "2017-01-17T00:00:00", - "ID" : "CVE-2017-2742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HP Web Jetadmin", - "version" : { - "version_data" : [ - { - "version_value" : "before 10.4 SR2" - } - ] - } - } - ] - }, - "vendor_name" : "HP Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "DATE_PUBLIC": "2017-01-17T00:00:00", + "ID": "CVE-2017-2742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HP Web Jetadmin", + "version": { + "version_data": [ + { + "version_value": "before 10.4 SR2" + } + ] + } + } + ] + }, + "vendor_name": "HP Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI03556", - "refsource" : "HP", - "url" : "https://support.hp.com/us-en/document/c05541534" - }, - { - "name" : "1038760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038760" + }, + { + "name": "HPSBPI03556", + "refsource": "HP", + "url": "https://support.hp.com/us-en/document/c05541534" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11276.json b/2018/11xxx/CVE-2018-11276.json index d019afd8642..3d622369d52 100644 --- a/2018/11xxx/CVE-2018-11276.json +++ b/2018/11xxx/CVE-2018-11276.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Double Free Issue in Kernel" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=83a44ca6057bf9c1e36515cded28edc32a4a1501", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=83a44ca6057bf9c1e36515cded28edc32a4a1501" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free Issue in Kernel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=83a44ca6057bf9c1e36515cded28edc32a4a1501", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=83a44ca6057bf9c1e36515cded28edc32a4a1501" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11843.json b/2018/11xxx/CVE-2018-11843.json index 9cc8c2fa593..91c599c0fba 100644 --- a/2018/11xxx/CVE-2018-11843.json +++ b/2018/11xxx/CVE-2018-11843.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ddc0e519f59fda7a8e17355ad6c3b00b8808542e", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ddc0e519f59fda7a8e17355ad6c3b00b8808542e" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ddc0e519f59fda7a8e17355ad6c3b00b8808542e", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ddc0e519f59fda7a8e17355ad6c3b00b8808542e" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14216.json b/2018/14xxx/CVE-2018-14216.json index 5799220eee8..fbb0e8287e4 100644 --- a/2018/14xxx/CVE-2018-14216.json +++ b/2018/14xxx/CVE-2018-14216.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14216", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14216", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14411.json b/2018/14xxx/CVE-2018-14411.json index b10877e3050..ccf8571671a 100644 --- a/2018/14xxx/CVE-2018-14411.json +++ b/2018/14xxx/CVE-2018-14411.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14411", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14411", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14504.json b/2018/14xxx/CVE-2018-14504.json index 820093540f0..b4e24842e20 100644 --- a/2018/14xxx/CVE-2018-14504.json +++ b/2018/14xxx/CVE-2018-14504.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar\" onclick=\"alert(1)')." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f", - "refsource" : "CONFIRM", - "url" : "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f" - }, - { - "name" : "https://mantisbt.org/blog/archives/mantisbt/602", - "refsource" : "CONFIRM", - "url" : "https://mantisbt.org/blog/archives/mantisbt/602" - }, - { - "name" : "https://mantisbt.org/bugs/view.php?id=24608", - "refsource" : "CONFIRM", - "url" : "https://mantisbt.org/bugs/view.php?id=24608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar\" onclick=\"alert(1)')." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://mantisbt.org/bugs/view.php?id=24608", + "refsource": "CONFIRM", + "url": "https://mantisbt.org/bugs/view.php?id=24608" + }, + { + "name": "https://mantisbt.org/blog/archives/mantisbt/602", + "refsource": "CONFIRM", + "url": "https://mantisbt.org/blog/archives/mantisbt/602" + }, + { + "name": "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f", + "refsource": "CONFIRM", + "url": "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14537.json b/2018/14xxx/CVE-2018-14537.json index e9d15bc5b37..fed2a8f71f1 100644 --- a/2018/14xxx/CVE-2018-14537.json +++ b/2018/14xxx/CVE-2018-14537.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14537", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14537", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14862.json b/2018/14xxx/CVE-2018-14862.json index 7faa4d6dcf7..99ef3bd0239 100644 --- a/2018/14xxx/CVE-2018-14862.json +++ b/2018/14xxx/CVE-2018-14862.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14862", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14862", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15256.json b/2018/15xxx/CVE-2018-15256.json index 7a608b3c1d8..844459abba3 100644 --- a/2018/15xxx/CVE-2018-15256.json +++ b/2018/15xxx/CVE-2018-15256.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15256", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15256", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15614.json b/2018/15xxx/CVE-2018-15614.json index e5772f74b86..fb6b34d7611 100644 --- a/2018/15xxx/CVE-2018-15614.json +++ b/2018/15xxx/CVE-2018-15614.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "securityalerts@avaya.com", - "ID" : "CVE-2018-15614", - "STATE" : "PUBLIC", - "TITLE" : "IP Office one-X Portal XSS" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IP Office", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "11.x", - "version_value" : "11.0 SP1" - }, - { - "affected" : "<", - "version_name" : "10.x", - "version_value" : "10.1 SP4" - } - ] - } - } - ] - }, - "vendor_name" : "Avaya" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.8, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n" - } + "CVE_data_meta": { + "ASSIGNER": "securityalerts@avaya.com", + "ID": "CVE-2018-15614", + "STATE": "PUBLIC", + "TITLE": "IP Office one-X Portal XSS" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IP Office", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "11.x", + "version_value": "11.0 SP1" + }, + { + "affected": "<", + "version_name": "10.x", + "version_value": "10.1 SP4" + } + ] + } + } + ] + }, + "vendor_name": "Avaya" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://downloads.avaya.com/css/P8/documents/101054317", - "refsource" : "CONFIRM", - "url" : "https://downloads.avaya.com/css/P8/documents/101054317" - } - ] - }, - "source" : { - "advisory" : "ASA-2018-384" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\n" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://downloads.avaya.com/css/P8/documents/101054317", + "refsource": "CONFIRM", + "url": "https://downloads.avaya.com/css/P8/documents/101054317" + } + ] + }, + "source": { + "advisory": "ASA-2018-384" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15847.json b/2018/15xxx/CVE-2018-15847.json index 9299685021f..5e02ba8029b 100644 --- a/2018/15xxx/CVE-2018-15847.json +++ b/2018/15xxx/CVE-2018-15847.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the \"Add Page/URL\" URL link field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/choregus/puppyCMS/issues/12", - "refsource" : "MISC", - "url" : "https://github.com/choregus/puppyCMS/issues/12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the \"Add Page/URL\" URL link field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/choregus/puppyCMS/issues/12", + "refsource": "MISC", + "url": "https://github.com/choregus/puppyCMS/issues/12" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8085.json b/2018/8xxx/CVE-2018-8085.json index 25150dd7402..311bc51dcad 100644 --- a/2018/8xxx/CVE-2018-8085.json +++ b/2018/8xxx/CVE-2018-8085.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8085", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8085", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8686.json b/2018/8xxx/CVE-2018-8686.json index 149d8cecbf2..5a1d4286fac 100644 --- a/2018/8xxx/CVE-2018-8686.json +++ b/2018/8xxx/CVE-2018-8686.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8734.json b/2018/8xxx/CVE-2018-8734.json index 3686c195018..7fa1c262b7d 100644 --- a/2018/8xxx/CVE-2018-8734.json +++ b/2018/8xxx/CVE-2018-8734.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44560", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44560/" - }, - { - "name" : "44969", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44969/" - }, - { - "name" : "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT", - "refsource" : "MISC", - "url" : "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT" - }, - { - "name" : "https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f", - "refsource" : "MISC", - "url" : "https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f" - }, - { - "name" : "https://www.nagios.com/downloads/nagios-xi/change-log/", - "refsource" : "MISC", - "url" : "https://www.nagios.com/downloads/nagios-xi/change-log/" - }, - { - "name" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html", - "refsource" : "MISC", - "url" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f", + "refsource": "MISC", + "url": "https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f" + }, + { + "name": "44560", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44560/" + }, + { + "name": "https://www.nagios.com/downloads/nagios-xi/change-log/", + "refsource": "MISC", + "url": "https://www.nagios.com/downloads/nagios-xi/change-log/" + }, + { + "name": "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html", + "refsource": "MISC", + "url": "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html" + }, + { + "name": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT", + "refsource": "MISC", + "url": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT" + }, + { + "name": "44969", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44969/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8851.json b/2018/8xxx/CVE-2018-8851.json index fd604722c25..32ed3d9e7e1 100644 --- a/2018/8xxx/CVE-2018-8851.json +++ b/2018/8xxx/CVE-2018-8851.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-07-19T00:00:00", - "ID" : "CVE-2018-8851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartServer 1", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - }, - { - "product_name" : "SmartServer 2", - "version" : { - "version_data" : [ - { - "version_value" : "all versions prior to release 4.11.007" - } - ] - } - }, - { - "product_name" : "i.LON 100", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - }, - { - "product_name" : "i.LON 600", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - } - ] - }, - "vendor_name" : "Echelon" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UNPROTECTED STORAGE OF CREDENTIALS CWE-256" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-07-19T00:00:00", + "ID": "CVE-2018-8851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartServer 1", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SmartServer 2", + "version": { + "version_data": [ + { + "version_value": "all versions prior to release 4.11.007" + } + ] + } + }, + { + "product_name": "i.LON 100", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "i.LON 600", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + }, + "vendor_name": "Echelon" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8883.json b/2018/8xxx/CVE-2018-8883.json index 91b18ca43fd..747bb28943e 100644 --- a/2018/8xxx/CVE-2018-8883.json +++ b/2018/8xxx/CVE-2018-8883.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392447", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392447", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392447" + } + ] + } +} \ No newline at end of file