diff --git a/2005/0xxx/CVE-2005-0486.json b/2005/0xxx/CVE-2005-0486.json
index c5e0831b4fa..891ee6f9e88 100644
--- a/2005/0xxx/CVE-2005-0486.json
+++ b/2005/0xxx/CVE-2005-0486.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tarantella.com/security/bulletin-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.tarantella.com/security/bulletin-11.html" - }, - { - "name" : "tarantella-enterprise-obtain-information(19407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA 
SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tarantella-enterprise-obtain-information(19407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19407" + }, + { + "name": "http://www.tarantella.com/security/bulletin-11.html", + "refsource": "CONFIRM", + "url": "http://www.tarantella.com/security/bulletin-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0545.json b/2005/0xxx/CVE-2005-0545.json index 1b5e67f80ff..a0d6d1ab168 100644 --- a/2005/0xxx/CVE-2005-0545.json +++ b/2005/0xxx/CVE-2005-0545.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050223 Office 10 applications & flashdrives can be used to browse restricted drives", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/391332" - }, - { - "name" : "20050225 Re: Office 10 applications & flashdrives can be used to browse restricted", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110935549821930&w=2" - }, - { - "name" : "12641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050223 Office 10 applications & flashdrives can be used to browse restricted drives", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/391332" + }, + { + "name": "12641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12641" + }, + { + "name": "20050225 Re: Office 10 applications & flashdrives can be used to browse restricted", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110935549821930&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0635.json b/2005/0xxx/CVE-2005-0635.json index 6c547254d11..de1770bd7dd 100644 --- a/2005/0xxx/CVE-2005-0635.json +++ b/2005/0xxx/CVE-2005-0635.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050302 Foxmail server \"USER\" command Multiple remote buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/391960" - }, - { - "name" : "12711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12711" - }, - { - "name" : "1013356", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013356" - }, - { - "name" : "14145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050302 Foxmail server \"USER\" command Multiple remote buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/391960" + }, + { + "name": "12711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12711" + }, + { + "name": "1013356", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013356" + }, + { + "name": "14145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14145" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0743.json b/2005/0xxx/CVE-2005-0743.json index ca5baf4ad0d..c5ebff27f5d 100644 --- a/2005/0xxx/CVE-2005-0743.json +++ b/2005/0xxx/CVE-2005-0743.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050308 [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/392626" - }, - { - "name" : "http://www.xoops.org/modules/news/article.php?storyid=2114", - "refsource" : "CONFIRM", - "url" : "http://www.xoops.org/modules/news/article.php?storyid=2114" - }, - { - "name" : "12754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12754" - }, - { - "name" : "14520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14520" - }, - { - "name" : "xoops-uploader-file-upload(19634)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19634" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14520" + }, + { + "name": "http://www.xoops.org/modules/news/article.php?storyid=2114", + "refsource": "CONFIRM", + "url": "http://www.xoops.org/modules/news/article.php?storyid=2114" + }, + { + "name": "20050308 [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/392626" + }, + { + "name": "12754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12754" + }, + { + "name": "xoops-uploader-file-upload(19634)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19634" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1060.json b/2005/1xxx/CVE-2005-1060.json index c9f772bdf6f..a66dfda3d21 100644 --- a/2005/1xxx/CVE-2005-1060.json +++ b/2005/1xxx/CVE-2005-1060.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970467.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970467.htm" - }, - { - "name" : "13067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13067" - }, - { - "name" : "14874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14874" - }, - { - "name" : "novell-netware-tcpipnlm-dos(20024)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown 
vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970467.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970467.htm" + }, + { + "name": "14874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14874" + }, + { + "name": "novell-netware-tcpipnlm-dos(20024)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20024" + }, + { + "name": "13067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13067" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1642.json b/2005/1xxx/CVE-2005-1642.json index 614d2716e05..82ff1960052 100644 --- a/2005/1xxx/CVE-2005-1642.json +++ b/2005/1xxx/CVE-2005-1642.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050516 Woltlab Burning Board SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-05/0199.html" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00075-05162005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00075-05162005" - }, - { - "name" : "20050516 Re: Woltlab Burning Board SQL Injection Vulnerability (fwd)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2005-May/000047.html" - }, - { - "name" : "ADV-2005-0558", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0558" - }, - { - "name" : "16575", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/16575" - }, - { - "name" : "15395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gulftech.org/?node=research&article_id=00075-05162005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00075-05162005" + }, + { + "name": "ADV-2005-0558", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0558" + }, + { + "name": "20050516 Re: Woltlab Burning Board SQL Injection Vulnerability (fwd)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2005-May/000047.html" + }, + { + "name": "15395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15395" + }, + { + "name": "20050516 Woltlab Burning Board SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-05/0199.html" + }, + { + "name": "16575", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16575" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1845.json b/2005/1xxx/CVE-2005-1845.json index 8f157af92d5..3fea3f4f48e 100644 --- a/2005/1xxx/CVE-2005-1845.json +++ b/2005/1xxx/CVE-2005-1845.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1845", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1845", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1939.json b/2005/1xxx/CVE-2005-1939.json index 77959f5308f..4ba9f141396 100644 --- a/2005/1xxx/CVE-2005-1939.json +++ b/2005/1xxx/CVE-2005-1939.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via \"..\" (dot dot) sequences in a request to the Report service (TCP 8022)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2005-14/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-14/advisory/" - }, - { - "name" : "http://cirt.dk/advisories/cirt-40-advisory.pdf", - "refsource" : "MISC", - "url" : "http://cirt.dk/advisories/cirt-40-advisory.pdf" - }, - { - "name" : "15291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15291" - }, - { - "name" : "15500", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15500" - }, - { - "name" : "1015141", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015141" - }, - { - "name" : "whatsup-smallbusiness-dotdot-traversal(22969)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/22969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via \"..\" (dot dot) sequences in a request to the Report service (TCP 8022)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15500", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15500" + }, + { + "name": "http://cirt.dk/advisories/cirt-40-advisory.pdf", + "refsource": "MISC", + "url": "http://cirt.dk/advisories/cirt-40-advisory.pdf" + }, + { + "name": "whatsup-smallbusiness-dotdot-traversal(22969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22969" + }, + { + "name": "15291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15291" + }, + { + "name": "1015141", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015141" + }, + { + "name": "http://secunia.com/secunia_research/2005-14/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-14/advisory/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3043.json b/2005/3xxx/CVE-2005-3043.json index 254945f85e7..e445b821739 100644 --- a/2005/3xxx/CVE-2005-3043.json +++ b/2005/3xxx/CVE-2005-3043.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOption_Dropdown_2 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://systemsecure.org/ssforum/viewtopic.php?t=277", - "refsource" : "MISC", - "url" : "http://systemsecure.org/ssforum/viewtopic.php?t=277" - }, - { - "name" : "http://packetstormsecurity.org/0509-exploits/mall23.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0509-exploits/mall23.txt" - }, - { - "name" : "14898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14898" - }, - { - "name" : "ADV-2005-1811", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1811" - }, - { - "name" : "19595", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19595" - }, - { - "name" : "16903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16903" - }, - { - "name" : 
"mall23-additem-sql-injection(22356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOption_Dropdown_2 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0509-exploits/mall23.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0509-exploits/mall23.txt" + }, + { + "name": "http://systemsecure.org/ssforum/viewtopic.php?t=277", + "refsource": "MISC", + "url": "http://systemsecure.org/ssforum/viewtopic.php?t=277" + }, + { + "name": "16903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16903" + }, + { + "name": "14898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14898" + }, + { + "name": "mall23-additem-sql-injection(22356)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22356" + }, + { + "name": "19595", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19595" + }, + { + "name": "ADV-2005-1811", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1811" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3332.json b/2005/3xxx/CVE-2005-3332.json index 5a5104cf040..4930675c86c 100644 --- a/2005/3xxx/CVE-2005-3332.json +++ b/2005/3xxx/CVE-2005-3332.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15207" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/3xxx/CVE-2005-3361.json b/2005/3xxx/CVE-2005-3361.json
index 6f3babd46d8..9848515ee97 100644
--- a/2005/3xxx/CVE-2005-3361.json
+++ b/2005/3xxx/CVE-2005-3361.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051024 Flat Nuke Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113019486931157&w=2" - }, - { - "name" : "ADV-2005-2178", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2178" - }, - { - "name" : "20246", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a 
variant of CVE-2005-3306." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051024 Flat Nuke Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113019486931157&w=2" + }, + { + "name": "ADV-2005-2178", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2178" + }, + { + "name": "20246", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20246" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4064.json b/2005/4xxx/CVE-2005-4064.json index cafcdb09102..c4d33c72691 100644 --- a/2005/4xxx/CVE-2005-4064.json +++ b/2005/4xxx/CVE-2005-4064.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/faq-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/faq-sql-inj-vuln.html" - }, - { - "name" : "15741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15741" - }, - { - "name" : "ADV-2005-2763", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2763" - }, - { - "name" : "21472", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21472" - }, - { - "name" : "21473", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21473" - }, - { - "name" : "17900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17900" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17900" + }, + { + "name": "21472", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21472" + }, + { + "name": "ADV-2005-2763", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2763" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/faq-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/faq-sql-inj-vuln.html" + }, + { + "name": "15741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15741" + }, + { + "name": "21473", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21473" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4065.json b/2005/4xxx/CVE-2005-4065.json index f2383776f7d..6cb418d9bbd 100644 --- a/2005/4xxx/CVE-2005-4065.json +++ b/2005/4xxx/CVE-2005-4065.json 
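Review bot: The `reference_data` array for CVE-2005-4064 is reordered although no entry is added or removed, and the new order (SECUNIA 17900, OSVDB 21472, VUPEN, MISC, BID 15741, OSVDB 21473) is not sorted by `name`, `refsource` or `url`, whereas the old side kept entries of the same source adjacent. JSON arrays are ordered, so a consumer that reads references by position, or that diffs records to detect advisory changes, sees a change here even though the content is identical; the same shuffle appears in the hunks for CVE-2005-4065, CVE-2005-4556, CVE-2005-4774, CVE-2005-4840 and CVE-2009-0018. If the tool that rewrote these files cannot preserve input order, writing the list under a stable sort key (for example `refsource`, then `name`) would keep later diffs limited to real changes. The new side also ends with `\ No newline at end of file`, so each rewritten file loses its trailing newline.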
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.edgewall.com/trac/wiki/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://projects.edgewall.com/trac/wiki/ChangeLog" - }, - { - "name" : "[Trac] 20051205 SECURITY: Trac 0.9.2 Released", - "refsource" : "MLIST", - "url" : "http://lists.edgewall.com/archive/trac/2005-December/005777.html" - }, - { - "name" : "DSA-951", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-951" - }, - { - "name" : "15720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15720" - }, - { - "name" : "ADV-2005-2766", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2766" - }, - { - "name" : "21459", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21459" - }, - { - "name" : 
"17894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17894" - }, - { - "name" : "18555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18555" - }, - { - "name" : "222", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18555" + }, + { + "name": "21459", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21459" + }, + { + "name": "[Trac] 20051205 SECURITY: Trac 0.9.2 Released", + "refsource": "MLIST", + "url": "http://lists.edgewall.com/archive/trac/2005-December/005777.html" + }, + { + "name": "222", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/222" + }, + { + "name": "17894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17894" + }, + { + "name": "http://projects.edgewall.com/trac/wiki/ChangeLog", + "refsource": "CONFIRM", + "url": "http://projects.edgewall.com/trac/wiki/ChangeLog" + }, + { + "name": "ADV-2005-2766", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2766" + }, + { + "name": "DSA-951", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-951" + }, + { + "name": "15720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15720" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/4xxx/CVE-2005-4556.json b/2005/4xxx/CVE-2005-4556.json
index ff27f456f64..266cfe6c062 100644
--- a/2005/4xxx/CVE-2005-4556.json
+++ b/2005/4xxx/CVE-2005-4556.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051227 Secunia Research: IceWarp Web Mail Multiple File InclusionVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420255/100/0/threaded" - }, - { - "name" : "20051227 Secunia Research: IceWarp Web Mail Multiple File", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113570229524828&w=2" - }, - { - "name" : "http://secunia.com/secunia_research/2005-62/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-62/advisory/" - }, - { - 
"name" : "16069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16069" - }, - { - "name" : "22077", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22077" - }, - { - "name" : "22078", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22078" - }, - { - "name" : "1015412", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015412" - }, - { - "name" : "17046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17046" - }, - { - "name" : "17865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22078", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22078" + }, + { + "name": "17865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17865" + }, + { + "name": "16069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16069" + }, + { + "name": "17046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17046" + }, + { + "name": "1015412", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015412" + }, + { + "name": "20051227 Secunia Research: IceWarp Web Mail Multiple File", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113570229524828&w=2" + }, + { + "name": "http://secunia.com/secunia_research/2005-62/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-62/advisory/" + }, + { + "name": "20051227 Secunia Research: IceWarp Web Mail Multiple File InclusionVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420255/100/0/threaded" + }, + { + "name": "22077", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22077" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4633.json b/2005/4xxx/CVE-2005-4633.json index 2673f5a4640..7bffc66b091 100644 --- a/2005/4xxx/CVE-2005-4633.json +++ b/2005/4xxx/CVE-2005-4633.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4633", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4619. Reason: This candidate is a duplicate of CVE-2005-4619. Notes: All CVE users should reference CVE-2005-4619 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4633", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4619. Reason: This candidate is a duplicate of CVE-2005-4619. Notes: All CVE users should reference CVE-2005-4619 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4774.json b/2005/4xxx/CVE-2005-4774.json index 69468bad0ec..27628df7a03 100644 --- a/2005/4xxx/CVE-2005-4774.json +++ b/2005/4xxx/CVE-2005-4774.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15135" - }, - { - "name" : "20077", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20077" - }, - { - "name" : "1015079", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015079" - }, - { - "name" : "17243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17243" - }, - { - "name" : "xerver-null-character-xss(22787)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Xerver 
4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20077", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20077" + }, + { + "name": "xerver-null-character-xss(22787)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22787" + }, + { + "name": "15135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15135" + }, + { + "name": "1015079", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015079" + }, + { + "name": "17243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17243" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4820.json b/2005/4xxx/CVE-2005-4820.json index 5789556a7ad..fe83d7bb730 100644 --- a/2005/4xxx/CVE-2005-4820.json +++ b/2005/4xxx/CVE-2005-4820.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14809" - }, - { - "name" : "smc-router-flood-dos(40019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14809" + }, + { + "name": "smc-router-flood-dos(40019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40019" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4840.json b/2005/4xxx/CVE-2005-4840.json index 3feb5268646..fa42d1e9a02 100644 --- a/2005/4xxx/CVE-2005-4840.json +++ b/2005/4xxx/CVE-2005-4840.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050301 IObjectSafety and Internet Explorer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/391803" - }, - { - "name" : "20070606 IE 6 / MS Office Outlook Express Address Book Activex DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470694/100/0/threaded" - }, - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html" - }, - { - "name" : "26836", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26836" - }, - { - "name" : 
"outlook-addressbook-activex-dos(34755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070606 IE 6 / MS Office Outlook Express Address Book Activex DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470694/100/0/threaded" + }, + { + "name": "26836", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26836" + }, + { + "name": "outlook-addressbook-activex-dos(34755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34755" + }, + { + "name": "20050301 IObjectSafety and Internet Explorer", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/391803" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0018.json b/2009/0xxx/CVE-2009-0018.json index 8ea059b4a5c..d4240928bb5 100644 --- a/2009/0xxx/CVE-2009-0018.json +++ b/2009/0xxx/CVE-2009-0018.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "33759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33759" - }, - { - "name" : "33816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33816" - }, - { - "name" : "ADV-2009-0422", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0422" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "33759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33759" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "ADV-2009-0422", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0422" + }, + { + "name": "33816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33816" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0036.json b/2009/0xxx/CVE-2009-0036.json index b419751da75..e4abc0c51d3 100644 --- a/2009/0xxx/CVE-2009-0036.json +++ b/2009/0xxx/CVE-2009-0036.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory", - "refsource" : "MLIST", - "url" : "https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html" - }, - { - "name" : "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory", - "refsource" : "MLIST", - "url" : "https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html" - }, - { - "name" : "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory", - "refsource" : "MLIST", - "url" : 
"https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html" - }, - { - "name" : "[oss-security] 20090210 libvirt_proxy heads up", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/02/10/8" - }, - { - "name" : "http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28", - "refsource" : "CONFIRM", - "url" : "http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=484947", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=484947" - }, - { - "name" : "RHSA-2009:0382", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0382.html" - }, - { - "name" : "33724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33724" - }, - { - "name" : "oval:org.mitre.oval:def:10127", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127" - }, - { - "name" : "34397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10127", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127" + }, + { + "name": "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html" + }, + { + "name": "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html" + }, + { + "name": "33724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33724" + }, + { + "name": "[libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=484947", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484947" + }, + { + "name": "RHSA-2009:0382", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html" + }, + { + "name": "http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28", + "refsource": "CONFIRM", + "url": "http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28" + }, + { + "name": "[oss-security] 20090210 libvirt_proxy heads up", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/02/10/8" + }, + { + "name": "34397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34397" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0513.json b/2009/0xxx/CVE-2009-0513.json index c89c60eff12..7dbd39f8871 100644 
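Review bot: The `ASSIGNER` value under `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the one content change in a file section that otherwise only alters whitespace and reference order. The same kind of change appears in the sections for CVE-2009-1020 (`secalert_us@oracle.com`) and CVE-2012-2089 (`secalert@redhat.com`), while the other records visible here keep `cve@mitre.org`. Anything that attributes records to a CNA by this field will see these entries move, so the commit description should state that the reassignment is intended if it does not already. Alternatively, the reassignment could be committed separately from the re-serialization so it can be reviewed on its own.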
--- a/2009/0xxx/CVE-2009-0513.json +++ b/2009/0xxx/CVE-2009-0513.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8025", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8025" - }, - { - "name" : "33701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8025", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8025" + }, + { + "name": "33701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33701" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0908.json b/2009/0xxx/CVE-2009-0908.json index adc3304f124..26ef862e5f2 100644 --- a/2009/0xxx/CVE-2009-0908.json +++ b/2009/0xxx/CVE-2009-0908.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2009/Apr/0036.html" - }, - { - "name" : "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2009/000054.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0005.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0005.html" - }, - { - "name" : "34373", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34373" - }, - { - "name" : "oval:org.mitre.oval:def:6399", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399" - }, - { - "name" : "1021975", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021975" - }, - { - "name" : "ADV-2009-0944", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html" + }, + { + "name": "34373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34373" + }, + { + "name": "oval:org.mitre.oval:def:6399", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399" + }, + { + "name": "1021975", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021975" + }, + { + "name": "ADV-2009-0944", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0944" + }, + { + "name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", + "refsource": "MLIST", + "url": 
"http://lists.vmware.com/pipermail/security-announce/2009/000054.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1020.json b/2009/1xxx/CVE-2009-1020.json index 01c27ac57ac..c3f7a065329 100644 --- a/2009/1xxx/CVE-2009-1020.json +++ b/2009/1xxx/CVE-2009-1020.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "35684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35684" - }, - { - "name" : "55897", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55897" - }, - { - "name" : "1022560", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022560" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "ADV-2009-1900", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "oracle-database-netfoundation-unspecified(51749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55897", + "refsource": "OSVDB", + "url": "http://osvdb.org/55897" + }, + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "35684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35684" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "1022560", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022560" + }, + { + "name": "oracle-database-netfoundation-unspecified(51749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51749" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1401.json b/2009/1xxx/CVE-2009-1401.json index 41d43b82dfa..5d46d5ab0a4 100644 --- a/2009/1xxx/CVE-2009-1401.json +++ b/2009/1xxx/CVE-2009-1401.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1401", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1401", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3448.json b/2009/3xxx/CVE-2009-3448.json index 313385ca445..68f362c9dae 100644 --- a/2009/3xxx/CVE-2009-3448.json +++ b/2009/3xxx/CVE-2009-3448.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos", - "refsource" : "MISC", - "url" : "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos" - }, - { - "name" : "36489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36489" - }, - { - "name" : "58329", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58329" - }, - { - "name" : "1022941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022941" - }, - { - "name" : "36847", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/36847" - }, - { - "name" : "netvault-npvmgr-dos(53434)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022941" + }, + { + "name": "58329", + "refsource": "OSVDB", + "url": "http://osvdb.org/58329" + }, + { + "name": "36489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36489" + }, + { + "name": "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos", + "refsource": "MISC", + "url": "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos" + }, + { + "name": "netvault-npvmgr-dos(53434)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53434" + }, + { + "name": "36847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36847" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3658.json b/2009/3xxx/CVE-2009-3658.json index 005261a5a8f..b7f096f151e 100644 --- a/2009/3xxx/CVE-2009-3658.json +++ b/2009/3xxx/CVE-2009-3658.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091001 AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506889/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/9sg_aol_91_superbuddy.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/9sg_aol_91_superbuddy.html" - }, - { - "name" : "36580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36580" - }, - { - "name" : "oval:org.mitre.oval:def:6704", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704" - }, - { - "name" : 
"36919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36919" - }, - { - "name" : "ADV-2009-2812", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2812" - }, - { - "name" : "aol-superbuddy-activex-code-exec(53614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://retrogod.altervista.org/9sg_aol_91_superbuddy.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/9sg_aol_91_superbuddy.html" + }, + { + "name": "ADV-2009-2812", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2812" + }, + { + "name": "20091001 AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506889/100/0/threaded" + }, + { + "name": "36580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36580" + }, + { + "name": "oval:org.mitre.oval:def:6704", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704" + }, + { + "name": "36919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36919" + }, + { + "name": "aol-superbuddy-activex-code-exec(53614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53614" + } 
+ ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3924.json b/2009/3xxx/CVE-2009-3924.json index 4bc5c3187e0..23ded23338a 100644 --- a/2009/3xxx/CVE-2009-3924.json +++ b/2009/3xxx/CVE-2009-3924.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/sof2pbbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/sof2pbbof-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/sof2pbbof.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/sof2pbbof.zip" - }, - { - "name" : "36221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36221" - }, - { - "name" : "punkbuster-pbsv-bo(52400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/sof2pbbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/sof2pbbof-adv.txt" + }, + { + "name": "punkbuster-pbsv-bo(52400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52400" + }, + { + "name": "http://aluigi.org/poc/sof2pbbof.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/sof2pbbof.zip" + }, + { + "name": "36221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36221" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4877.json b/2009/4xxx/CVE-2009-4877.json index ae29bfb80bd..e7f2963c0d7 100644 --- a/2009/4xxx/CVE-2009-4877.json +++ b/2009/4xxx/CVE-2009-4877.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=695900", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=695900" - }, - { - "name" : "55798", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55798" - }, - { - "name" : "35775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35775" - }, - { - "name" : "webgui-unspecified-csrf(51668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities 
in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55798", + "refsource": "OSVDB", + "url": "http://osvdb.org/55798" + }, + { + "name": "35775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35775" + }, + { + "name": "webgui-unspecified-csrf(51668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51668" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=695900", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=695900" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2089.json b/2012/2xxx/CVE-2012-2089.json index 102a4bd3e0d..e0fe0995cdd 100644 --- a/2012/2xxx/CVE-2012-2089.json +++ b/2012/2xxx/CVE-2012-2089.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120412 nginx security advisory: mp4 module vulnerability, CVE-2012-2089", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/12/9" - }, - { - "name" : "http://nginx.org/en/security_advisories.html", - "refsource" : "CONFIRM", - "url" : "http://nginx.org/en/security_advisories.html" - }, - { - "name" : "FEDORA-2012-6238", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html" - }, - { - "name" : "FEDORA-2012-6371", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html" - }, - { - "name" : "FEDORA-2012-6411", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html" - }, - { - "name" : "52999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52999" - }, - { - "name" : "1026924", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026924" - }, - { - "name" : "nginx-ngxhttpmp4module-bo(74831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nginx-ngxhttpmp4module-bo(74831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74831" + }, + { + "name": "1026924", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026924" + }, + { + "name": "FEDORA-2012-6371", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html" + }, + { + "name": "FEDORA-2012-6411", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html" + }, + { + "name": "http://nginx.org/en/security_advisories.html", + "refsource": "CONFIRM", + "url": "http://nginx.org/en/security_advisories.html" + }, + { + "name": "52999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52999" + }, + { + "name": "[oss-security] 20120412 nginx security advisory: mp4 module vulnerability, CVE-2012-2089", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/12/9" + }, + { + "name": "FEDORA-2012-6238", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2114.json b/2012/2xxx/CVE-2012-2114.json index 173e311a8bf..0efaffe8deb 100644 --- a/2012/2xxx/CVE-2012-2114.json +++ b/2012/2xxx/CVE-2012-2114.json 
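Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, but the edit sits inside a whole-file rewrite that also changes colon spacing and reorders `reference_data`, so the one provenance change is easy to miss. Consumers that attribute or route records by assigner would see a real data change here, unlike the surrounding formatting churn. It would be easier to audit if the formatting and reorder pass were a separate commit from the `ASSIGNER` updates, or if the commit message listed the records whose assigner changed. The same pattern appears in the hunks for CVE-2012-2114, CVE-2012-2429 (`ics-cert@hq.dhs.gov`), CVE-2012-6149, CVE-2015-1757 (`secure@microsoft.com`), CVE-2015-1920 (`psirt@us.ibm.com`), CVE-2015-5207, CVE-2015-5217 and CVE-2015-5324.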
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to an unbuffered stream such as stderr." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[musl] 20120417 musl security advisory #001: stack buffer overflow in vfprintf with long output", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/musl/2012/04/17/1" - }, - { - "name" : "[oss-security] 20120418 Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/18/6" - }, - { - "name" : "[oss-security] 20120418 Stack-based buffer overflow in musl libc 0.8.7 and earlier", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/18/5" - }, - { - "name" : "http://www.etalabs.net/musl/download.html", - "refsource" : "CONFIRM", - "url" 
: "http://www.etalabs.net/musl/download.html" - }, - { - "name" : "53144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to an unbuffered stream such as stderr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[musl] 20120417 musl security advisory #001: stack buffer overflow in vfprintf with long output", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/musl/2012/04/17/1" + }, + { + "name": "[oss-security] 20120418 Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/18/6" + }, + { + "name": "[oss-security] 20120418 Stack-based buffer overflow in musl libc 0.8.7 and earlier", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/18/5" + }, + { + "name": "http://www.etalabs.net/musl/download.html", + "refsource": "CONFIRM", + "url": "http://www.etalabs.net/musl/download.html" + }, + { + "name": "53144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53144" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2429.json b/2012/2xxx/CVE-2012-2429.json index 8e6525bb4fe..dc01efc97a1 100644 --- a/2012/2xxx/CVE-2012-2429.json +++ b/2012/2xxx/CVE-2012-2429.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-2429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6063.json b/2012/6xxx/CVE-2012-6063.json index 012a4411161..1dd43b3dfb3 100644 --- a/2012/6xxx/CVE-2012-6063.json +++ b/2012/6xxx/CVE-2012-6063.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=871612", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=871612" - }, - { - "name" : "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2", - "refsource" : "CONFIRM", - "url" : "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2" - }, - { - "name" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", - "refsource" : "CONFIRM", - "url" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/" - }, - { - "name" : "DSA-2577", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2012/dsa-2577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=871612", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871612" + }, + { + "name": "DSA-2577", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2577" + }, + { + "name": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", + "refsource": "CONFIRM", + "url": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/" + }, + { + "name": "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2", + "refsource": "CONFIRM", + "url": "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6149.json b/2012/6xxx/CVE-2012-6149.json index 7f385fd2a65..89af1f0125b 100644 --- a/2012/6xxx/CVE-2012-6149.json +++ b/2012/6xxx/CVE-2012-6149.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=882000", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=882000" - }, - { - "name" : "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85", - "refsource" : "CONFIRM", - "url" : "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85" - }, - { - "name" : "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f", - "refsource" : "CONFIRM", - "url" : 
"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f" - }, - { - "name" : "RHSA-2014:0148", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0148.html" - }, - { - "name" : "SUSE-SU-2014:0222", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html" - }, - { - "name" : "56952", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85", + "refsource": "CONFIRM", + "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=882000", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000" + }, + { + "name": "56952", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56952" + }, + { + "name": "RHSA-2014:0148", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html" + }, + { + "name": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f", + "refsource": "CONFIRM", + "url": 
"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f" + }, + { + "name": "SUSE-SU-2014:0222", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1012.json b/2015/1xxx/CVE-2015-1012.json index e369933882d..a2b11af50b1 100644 --- a/2015/1xxx/CVE-2015-1012.json +++ b/2015/1xxx/CVE-2015-1012.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1012", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1012", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1757.json b/2015/1xxx/CVE-2015-1757.json index 7506ea81079..5e00ede1743 100644 --- a/2015/1xxx/CVE-2015-1757.json +++ b/2015/1xxx/CVE-2015-1757.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka \"ADFS XSS Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-062", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-062" - }, - { - "name" : "75023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75023" - }, - { - "name" : "1032526", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) 
in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka \"ADFS XSS Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75023" + }, + { + "name": "1032526", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032526" + }, + { + "name": "MS15-062", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-062" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1920.json b/2015/1xxx/CVE-2015-1920.json index 173641c2d88..26b8abde0b8 100644 --- a/2015/1xxx/CVE-2015-1920.json +++ b/2015/1xxx/CVE-2015-1920.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883573", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883573" - }, - { - "name" : "PI38302", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38302" - }, - { - "name" : "74439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74439" - }, - { - "name" : "1032249", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere 
Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883573", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883573" + }, + { + "name": "74439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74439" + }, + { + "name": "1032249", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032249" + }, + { + "name": "PI38302", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38302" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5207.json b/2015/5xxx/CVE-2015-5207.json index 6a660190a09..f441cf5e39b 100644 --- a/2015/5xxx/CVE-2015-5207.json +++ b/2015/5xxx/CVE-2015-5207.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160427 CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538211/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html" - }, - { - "name" : "https://cordova.apache.org/announcements/2016/04/27/security.html", - "refsource" : "CONFIRM", - "url" : "https://cordova.apache.org/announcements/2016/04/27/security.html" - }, - { - "name" : "JVN#35341085", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN35341085/index.html" - }, - { - "name" : 
"JVNDB-2016-000058", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html" - }, - { - "name" : "88764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/88764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html" + }, + { + "name": "https://cordova.apache.org/announcements/2016/04/27/security.html", + "refsource": "CONFIRM", + "url": "https://cordova.apache.org/announcements/2016/04/27/security.html" + }, + { + "name": "JVNDB-2016-000058", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html" + }, + { + "name": "20160427 CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538211/100/0/threaded" + }, + { + "name": "88764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/88764" + }, + { + "name": "JVN#35341085", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN35341085/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5217.json b/2015/5xxx/CVE-2015-5217.json index d45afdf5982..c2ae8108831 100644 --- a/2015/5xxx/CVE-2015-5217.json +++ b/2015/5xxx/CVE-2015-5217.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151027 Multiple CVE info for Ipsilon", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/27/8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255172", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255172" - }, - { - "name" : "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1" - }, - { - "name" : "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6", - "refsource" : "CONFIRM", - "url" : 
"https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6", + "refsource": "CONFIRM", + "url": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6" + }, + { + "name": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172" + }, + { + "name": "[oss-security] 20151027 Multiple CVE info for Ipsilon", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/10/27/8" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5324.json b/2015/5xxx/CVE-2015-5324.json index db02a140ce8..3695ffd7262 100644 --- a/2015/5xxx/CVE-2015-5324.json +++ b/2015/5xxx/CVE-2015-5324.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" - }, - { - "name" : "RHSA-2016:0070", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0070" - }, - { - "name" : "RHSA-2016:0489", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0489.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0489", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" + }, + { + "name": "RHSA-2016:0070", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0070" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5432.json b/2015/5xxx/CVE-2015-5432.json index c574a8e8372..4e81cc2e279 100644 --- a/2015/5xxx/CVE-2015-5432.json +++ b/2015/5xxx/CVE-2015-5432.json 
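Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, but it sits among lines that differ only in spacing before the colon, so anyone diffing the record for provenance changes can easily miss it. The hunks for CVE-2015-5217, CVE-2015-5432 and CVE-2015-5861 on this page change `ASSIGNER` the same way (to `secalert@redhat.com`, `hp-security-alert@hp.com` and `product-security@apple.com`), and several hunks also reorder the `reference_data` entries with no visible sort key. I would land the key/colon reformat as its own commit and put the attribution change in a separate one whose message names the new assigner, so that `"ASSIGNER": "secalert@redhat.com",` can be reviewed on its own. The new side also ends with `\ No newline at end of file`; keeping the trailing newline would avoid another whole-file diff if a later tool restores it.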
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774021", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Virtual Connect Enterprise Manager (VCEM) SDK 
before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774021", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774021" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5861.json b/2015/5xxx/CVE-2015-5861.json index e0144169980..b8920b1eb2e 100644 --- a/2015/5xxx/CVE-2015-5861.json +++ b/2015/5xxx/CVE-2015-5861.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass 
a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11194.json b/2018/11xxx/CVE-2018-11194.json index 63a5315dd53..d6c86e4b483 100644 --- a/2018/11xxx/CVE-2018-11194.json +++ b/2018/11xxx/CVE-2018-11194.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11452.json b/2018/11xxx/CVE-2018-11452.json index 2540b6d2b5c..d5abe9d9cf0 100644 --- a/2018/11xxx/CVE-2018-11452.json +++ b/2018/11xxx/CVE-2018-11452.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-07-11T00:00:00", - "ID" : "CVE-2018-11452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firmware variant IEC 61850 for EN100 Ethernet module, Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC104 for EN100 Ethernet module", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware variant IEC 61850 for EN100 Ethernet module : All versions < V4.33" - }, - { - "version_value" : "Firmware variant PROFINET IO for EN100 Ethernet module: All versions" - }, - { - "version_value" : "Firmware variant Modbus TCP for EN100 Ethernet module : All versions" - }, - { - "version_value" : "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions" - }, - { - "version_value" : "Firmware variant IEC104 for EN100 Ethernet module : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. 
Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20: Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-07-11T00:00:00", + "ID": "CVE-2018-11452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firmware variant IEC 61850 for EN100 Ethernet module, Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC104 for EN100 Ethernet module", + "version": { + "version_data": [ + { + "version_value": "Firmware variant IEC 61850 for EN100 Ethernet module : All versions < V4.33" + }, + { + "version_value": "Firmware variant PROFINET IO for EN100 Ethernet module: All versions" + }, + { + "version_value": "Firmware variant Modbus TCP for EN100 Ethernet module : All versions" + }, + { + "version_value": "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions" + }, + { + "version_value": "Firmware variant IEC104 for EN100 Ethernet module : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf", - "refsource" : "CONFIRM", - 
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf" - }, - { - "name" : "106221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf" + }, + { + "name": "106221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106221" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11522.json b/2018/11xxx/CVE-2018-11522.json index e46ca36487b..c2b232b82c0 100644 --- a/2018/11xxx/CVE-2018-11522.json +++ b/2018/11xxx/CVE-2018-11522.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Yosoro 1.0.4 has stored XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44803", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44803/" - }, - { - "name" : "http://packetstormsecurity.com/files/147978/Yosoro-1.0.4-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147978/Yosoro-1.0.4-Remote-Code-Execution.html" - }, - { - "name" : "https://github.com/IceEnd/Yosoro/issues/11", - "refsource" : "CONFIRM", - "url" : "https://github.com/IceEnd/Yosoro/issues/11" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yosoro 1.0.4 has stored XSS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44803", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44803/" + }, + { + "name": "http://packetstormsecurity.com/files/147978/Yosoro-1.0.4-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147978/Yosoro-1.0.4-Remote-Code-Execution.html" + }, + { + "name": "https://github.com/IceEnd/Yosoro/issues/11", + "refsource": "CONFIRM", + "url": "https://github.com/IceEnd/Yosoro/issues/11" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11885.json b/2018/11xxx/CVE-2018-11885.json index 219cbf96b60..4daf73e47ac 100644 --- a/2018/11xxx/CVE-2018-11885.json +++ b/2018/11xxx/CVE-2018-11885.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11885", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11885", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11991.json b/2018/11xxx/CVE-2018-11991.json index ff78b0f08fc..22c79eb9daf 100644 --- a/2018/11xxx/CVE-2018-11991.json +++ b/2018/11xxx/CVE-2018-11991.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11991", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11991", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15501.json b/2018/15xxx/CVE-2018-15501.json index 104da1cb924..6324191557e 100644 --- a/2018/15xxx/CVE-2018-15501.json +++ b/2018/15xxx/CVE-2018-15501.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html" - }, - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1104641", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1104641" - }, - { - "name" : "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", - "refsource" : "MISC", - "url" : 
"https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649" - }, - { - "name" : "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", - "refsource" : "MISC", - "url" : "https://github.com/libgit2/libgit2/releases/tag/v0.26.6" - }, - { - "name" : "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", - "refsource" : "MISC", - "url" : "https://github.com/libgit2/libgit2/releases/tag/v0.27.4" - }, - { - "name" : "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", - "refsource" : "MISC", - "url" : "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406" + }, + { + "name": "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", + "refsource": "MISC", + "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.4" + }, + { + "name": "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", + "refsource": "MISC", + "url": "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1104641", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1104641" + }, + { + "name": "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html" + }, + { + "name": "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", + "refsource": "MISC", + "url": "https://github.com/libgit2/libgit2/releases/tag/v0.26.6" + }, + { + "name": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", + "refsource": "MISC", + "url": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3061.json b/2018/3xxx/CVE-2018-3061.json index 68f3a2bcf55..9189bb85007 100644 --- a/2018/3xxx/CVE-2018-3061.json +++ b/2018/3xxx/CVE-2018-3061.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.22 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.22 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3725-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3725-1/" - }, - { - "name" : "104785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104785" - }, - { - "name" : "1041294", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "USN-3725-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3725-1/" + }, + { + "name": "1041294", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041294" + }, + { + "name": "104785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104785" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180726-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180726-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3460.json b/2018/3xxx/CVE-2018-3460.json index ee84d1b8fe7..9bbcd1739e9 100644 --- a/2018/3xxx/CVE-2018-3460.json +++ b/2018/3xxx/CVE-2018-3460.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3460",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3460",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3492.json b/2018/3xxx/CVE-2018-3492.json
index 52483a27a5a..55477a78165 100644
--- a/2018/3xxx/CVE-2018-3492.json
+++ b/2018/3xxx/CVE-2018-3492.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3492",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3492",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3560.json b/2018/3xxx/CVE-2018-3560.json
index 679946b71d0..a686f869bbd 100644
--- a/2018/3xxx/CVE-2018-3560.json
+++ b/2018/3xxx/CVE-2018-3560.json
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@qualcomm.com",
- "DATE_PUBLIC" : "2018-03-05T00:00:00",
- "ID" : "CVE-2018-3560",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "DATE_PUBLIC": "2018-03-05T00:00:00",
+ "ID": "CVE-2018-3560",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7782.json b/2018/7xxx/CVE-2018-7782.json
index 1c18eac16bd..12a2b916ec2 100644
--- a/2018/7xxx/CVE-2018-7782.json
+++ b/2018/7xxx/CVE-2018-7782.json
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-04-24T00:00:00", - "ID" : "CVE-2018-7782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pelco Sarix Professional V1", - "version" : { - "version_data" : [ - { - "version_value" : "Pelco Sarix Pro 1 st generation with firmware versions prior to 3.29.69" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authenticated password disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-04-24T00:00:00", + "ID": "CVE-2018-7782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pelco Sarix Professional V1", + "version": { + "version_data": [ + { + "version_value": "Pelco Sarix Pro 1 st generation with firmware versions prior to 3.29.69" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Schneider Electric Pelco Sarix 
Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authenticated password disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8533.json b/2018/8xxx/CVE-2018-8533.json index 1efc8f4f82e..86a39ddcf98 100644 --- a/2018/8xxx/CVE-2018-8533.json +++ b/2018/8xxx/CVE-2018-8533.json 
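Review bot: The new side of the CVE-2018-7782 record still carries free text in `version_value` (`"Pelco Sarix Pro 1 st generation with firmware versions prior to 3.29.69"`), so a scanner matching on version fields cannot tell which firmware is affected; the reformat was a chance to express it as `"version_affected": "<", "version_value": "3.29.69"` and leave the product wording in `product_name`. Separately, this hunk is not whitespace-only: `ASSIGNER` changes from `cybersecurity@se.com` to `cybersecurity@schneider-electric.com`, and the CVE-2018-8533 and CVE-2018-8576 hunks lowercase `Secure@Microsoft.com`. Tooling that groups or filters records by assigner address will presumably see these as new assigners unless it compares case-insensitively and maps the old address, so the identity changes would be easier to audit in a commit of their own.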
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "Secure@Microsoft.com",
- "ID" : "CVE-2018-8533",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "SQL Server Management Studio 17.9",
- "version" : {
- "version_data" : [
- {
- "version_value" : "SQL Server Management Studio 17.9"
- }
- ]
- }
- },
- {
- "product_name" : "SQL Server Management Studio 18.0",
- "version" : {
- "version_data" : [
- {
- "version_value" : "(Preview 4)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka \"SQL Server Management Studio Information Disclosure Vulnerability.\" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2018-8533",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SQL Server Management Studio 17.9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SQL Server Management Studio 17.9"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SQL Server Management Studio 18.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "(Preview 4)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "45583",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/45583/"
- },
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533"
- },
- {
- "name" : "105476",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105476"
- },
- {
- "name" : "1041826",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041826"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka \"SQL Server Management Studio Information Disclosure Vulnerability.\" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533"
+ },
+ {
+ "name": "45583",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/45583/"
+ },
+ {
+ "name": "1041826",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041826"
+ },
+ {
+ "name": "105476",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105476"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8576.json b/2018/8xxx/CVE-2018-8576.json
index f80db78fbfa..536749fc97b 100644
--- a/2018/8xxx/CVE-2018-8576.json
+++ b/2018/8xxx/CVE-2018-8576.json
@@ -1,116 +1,116 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2019 for 32-bit editions" - }, - { - "version_value" : "2019 for 64-bit editions" - } - ] - } - }, - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "365 ProPlus for 32-bit Systems" - }, - { - "version_value" : "365 ProPlus for 64-bit Systems" - } - ] - } - }, - { - "product_name" : "Microsoft Outlook", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "365 ProPlus for 32-bit Systems" + }, + { + "version_value": "365 ProPlus for 64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Outlook", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8576", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8576" - }, - { - "name" : "105822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105822" - }, - { - "name" : "1042110", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution 
vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8576", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8576" + }, + { + "name": "105822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105822" + }, + { + "name": "1042110", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042110" + } + ] + } +} \ No newline at end of file