diff --git a/2002/0xxx/CVE-2002-0172.json b/2002/0xxx/CVE-2002-0172.json
index f27393efcc2..49ff58b00f4 100644
--- a/2002/0xxx/CVE-2002-0172.json
+++ b/2002/0xxx/CVE-2002-0172.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0172",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0172",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020408-01-I",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I"
- },
- {
- "name" : "VU#770891",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/770891"
- },
- {
- "name" : "4648",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4648"
- },
- {
- "name" : "4695",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/4695"
- },
- {
- "name" : "irix-ipfilter-dos(8960)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8960.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "irix-ipfilter-dos(8960)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8960.php"
+ },
+ {
+ "name": "4648",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4648"
+ },
+ {
+ "name": "VU#770891",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/770891"
+ },
+ {
+ "name": "4695",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/4695"
+ },
+ {
+ "name": "20020408-01-I",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0313.json b/2002/0xxx/CVE-2002-0313.json
index c9340a9bafb..d41bcfea628 100644
--- a/2002/0xxx/CVE-2002-0313.json
+++ b/2002/0xxx/CVE-2002-0313.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0313",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0313",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/258365"
- },
- {
- "name" : "20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=101440530023617&w=2"
- },
- {
- "name" : "20030704 Essentia Web Server 2.12 (Linux)",
- "refsource" : "FULLDISC",
- "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006231.html"
- },
- {
- "name" : "essentia-server-long-request-dos(8249)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8249.php"
- },
- {
- "name" : "4159",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4159"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/258365"
+ },
+ {
+ "name": "20030704 Essentia Web Server 2.12 (Linux)",
+ "refsource": "FULLDISC",
+ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006231.html"
+ },
+ {
+ "name": "essentia-server-long-request-dos(8249)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8249.php"
+ },
+ {
+ "name": "20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=101440530023617&w=2"
+ },
+ {
+ "name": "4159",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4159"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0330.json b/2002/0xxx/CVE-2002-0330.json
index e23ab30d870..ae90f1da99d 100644
--- a/2002/0xxx/CVE-2002-0330.json
+++ b/2002/0xxx/CVE-2002-0330.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0330",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0330",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020225 Open Bulletin Board javascript bug.",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=101466092601554&w=2"
- },
- {
- "name" : "http://community.iansoft.net/read.php?TID=5159",
- "refsource" : "CONFIRM",
- "url" : "http://community.iansoft.net/read.php?TID=5159"
- },
- {
- "name" : "4171",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4171"
- },
- {
- "name" : "openbb-img-css(8278)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8278.php"
- },
- {
- "name" : "5658",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/5658"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020225 Open Bulletin Board javascript bug.",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=101466092601554&w=2"
+ },
+ {
+ "name": "http://community.iansoft.net/read.php?TID=5159",
+ "refsource": "CONFIRM",
+ "url": "http://community.iansoft.net/read.php?TID=5159"
+ },
+ {
+ "name": "4171",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4171"
+ },
+ {
+ "name": "openbb-img-css(8278)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8278.php"
+ },
+ {
+ "name": "5658",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/5658"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1220.json b/2002/1xxx/CVE-2002-1220.json
index c5f2ef361d2..6c7b97135ad 100644
--- a/2002/1xxx/CVE-2002-1220.json
+++ b/2002/1xxx/CVE-2002-1220.json
@@ -1,132 +1,132 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1220",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1220",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8",
- "refsource" : "ISS",
- "url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469"
- },
- {
- "name" : "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=103713117612842&w=2"
- },
- {
- "name" : "http://www.isc.org/products/BIND/bind-security.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.isc.org/products/BIND/bind-security.html"
- },
- {
- "name" : "CA-2002-31",
- "refsource" : "CERT",
- "url" : "http://www.cert.org/advisories/CA-2002-31.html"
- },
- {
- "name" : "VU#229595",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/229595"
- },
- {
- "name" : "2002-11-21",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
- },
- {
- "name" : "MDKSA-2002:077",
- "refsource" : "MANDRAKE",
- "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php"
- },
- {
- "name" : "DSA-196",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2002/dsa-196"
- },
- {
- "name" : "N-013",
- "refsource" : "CIAC",
- "url" : "http://www.ciac.org/ciac/bulletins/n-013.shtml"
- },
- {
- "name" : "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/300019"
- },
- {
- "name" : "SSRT2408",
- "refsource" : "COMPAQ",
- "url" : "http://online.securityfocus.com/advisories/4999"
- },
- {
- "name" : "20021118 TSLSA-2002-0076 - bind",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=103763574715133&w=2"
- },
- {
- "name" : "6161",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/6161"
- },
- {
- "name" : "oval:org.mitre.oval:def:449",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A449"
- },
- {
- "name" : "bind-opt-rr-dos(10332)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10332"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "CA-2002-31",
+ "refsource": "CERT",
+ "url": "http://www.cert.org/advisories/CA-2002-31.html"
+ },
+ {
+ "name": "http://www.isc.org/products/BIND/bind-security.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.isc.org/products/BIND/bind-security.html"
+ },
+ {
+ "name": "2002-11-21",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:449",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A449"
+ },
+ {
+ "name": "DSA-196",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2002/dsa-196"
+ },
+ {
+ "name": "SSRT2408",
+ "refsource": "COMPAQ",
+ "url": "http://online.securityfocus.com/advisories/4999"
+ },
+ {
+ "name": "20021118 TSLSA-2002-0076 - bind",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=103763574715133&w=2"
+ },
+ {
+ "name": "VU#229595",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/229595"
+ },
+ {
+ "name": "bind-opt-rr-dos(10332)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10332"
+ },
+ {
+ "name": "6161",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/6161"
+ },
+ {
+ "name": "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/300019"
+ },
+ {
+ "name": "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=103713117612842&w=2"
+ },
+ {
+ "name": "N-013",
+ "refsource": "CIAC",
+ "url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
+ },
+ {
+ "name": "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8",
+ "refsource": "ISS",
+ "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469"
+ },
+ {
+ "name": "MDKSA-2002:077",
+ "refsource": "MANDRAKE",
+ "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1824.json b/2002/1xxx/CVE-2002-1824.json
index d0a8c7d6c51..0f32e92f38a 100644
--- a/2002/1xxx/CVE-2002-1824.json
+++ b/2002/1xxx/CVE-2002-1824.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1824",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1824",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020923 IE6 SSL Certificate Chain Verification",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/292842"
- },
- {
- "name" : "5778",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5778"
- },
- {
- "name" : "ie-ssl-certificate-expired(10180)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10180.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ie-ssl-certificate-expired(10180)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10180.php"
+ },
+ {
+ "name": "20020923 IE6 SSL Certificate Chain Verification",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/292842"
+ },
+ {
+ "name": "5778",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5778"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/2xxx/CVE-2002-2430.json b/2002/2xxx/CVE-2002-2430.json
index 2cc97ed5f55..f97cdcb333b 100644
--- a/2002/2xxx/CVE-2002-2430.json
+++ b/2002/2xxx/CVE-2002-2430.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-2430",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-2430",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865",
- "refsource" : "CONFIRM",
- "url" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865",
+ "refsource": "CONFIRM",
+ "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1196.json b/2005/1xxx/CVE-2005-1196.json
index 220d4ac6337..c517747c905 100644
--- a/2005/1xxx/CVE-2005-1196.json
+++ b/2005/1xxx/CVE-2005-1196.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1196",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1196",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050418 phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=111384185116335&w=2"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20050418 phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=111384185116335&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1254.json b/2005/1xxx/CVE-2005-1254.json
index 4f034cf153d..4bd7dde859a 100644
--- a/2005/1xxx/CVE-2005-1254.json
+++ b/2005/1xxx/CVE-2005-1254.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1254",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1254",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050524 Ipswitch IMail IMAP SELECT Command DoS Vulnerability",
- "refsource" : "IDEFENSE",
- "url" : "http://www.idefense.com/application/poi/display?id=241&type=vulnerabilities"
- },
- {
- "name" : "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html"
- },
- {
- "name" : "13727",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/13727"
- },
- {
- "name" : "1014047",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1014047"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html"
+ },
+ {
+ "name": "13727",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/13727"
+ },
+ {
+ "name": "1014047",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1014047"
+ },
+ {
+ "name": "20050524 Ipswitch IMail IMAP SELECT Command DoS Vulnerability",
+ "refsource": "IDEFENSE",
+ "url": "http://www.idefense.com/application/poi/display?id=241&type=vulnerabilities"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1403.json b/2005/1xxx/CVE-2005-1403.json
index 2cc25b6f91e..9d52ee8f328 100644
--- a/2005/1xxx/CVE-2005-1403.json
+++ b/2005/1xxx/CVE-2005-1403.json
@@ -1,107 +1,107 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1403",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1403",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html",
- "refsource" : "MISC",
- "url" : "http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html"
- },
- {
- "name" : "13427",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/13427"
- },
- {
- "name" : "13426",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/13426"
- },
- {
- "name" : "13425",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/13425"
- },
- {
- "name" : "13419",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/13419"
- },
- {
- "name" : "15893",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/15893"
- },
- {
- "name" : "15894",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/15894"
- },
- {
- "name" : "15892",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/15892"
- },
- {
- "name" : "1013836",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1013836"
- },
- {
- "name" : "15155",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/15155"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "13419",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/13419"
+ },
+ {
+ "name": "13425",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/13425"
+ },
+ {
+ "name": "13426",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/13426"
+ },
+ {
+ "name": "15894",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/15894"
+ },
+ {
+ "name": "13427",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/13427"
+ },
+ {
+ "name": "15893",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/15893"
+ },
+ {
+ "name": "15892",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/15892"
+ },
+ {
+ "name": "http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html",
+ "refsource": "MISC",
+ "url": "http://lostmon.blogspot.com/2005/04/amazon-webstore-script-injection-and.html"
+ },
+ {
+ "name": "15155",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/15155"
+ },
+ {
+ "name": "1013836",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1013836"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1579.json b/2005/1xxx/CVE-2005-1579.json
index 65cab307f27..a4e218de0b6 100644
--- a/2005/1xxx/CVE-2005-1579.json
+++ b/2005/1xxx/CVE-2005-1579.json
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050511 [DR018] Quartz Composer / QuickTime 7 information leakage", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0265.html" - }, - { - "name" : "http://remahl.se/david/vuln/018", - "refsource" : "MISC", - "url" : "http://remahl.se/david/vuln/018" - }, - { - "name" : "[quartzcomposer-dev] 20050510 Quartz Quicktime embedded in remote webpages...", - "refsource" : "MLIST", - "url" : "http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00250.html" - }, - { - "name" : "[quartzcomposer-dev] 20050511 Re: Quartz Quicktime embedded in remote webpages...", - "refsource" : "MLIST", - 
"url" : "http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00263.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=301714", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=301714" - }, - { - "name" : "APPLE-SA-2005-05-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00006.html" - }, - { - "name" : "13603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13603" - }, - { - "name" : "ADV-2005-0531", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0531" - }, - { - "name" : "16376", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16376" - }, - { - "name" : "1013961", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013961" - }, - { - "name" : "15307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.info.apple.com/article.html?artnum=301714", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=301714" + }, + { + "name": "ADV-2005-0531", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0531" + }, + { + "name": "http://remahl.se/david/vuln/018", + "refsource": "MISC", + "url": "http://remahl.se/david/vuln/018" + }, + { + "name": "13603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13603" + }, + { + "name": "20050511 [DR018] Quartz Composer / QuickTime 7 information leakage", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0265.html" + }, + { + "name": "15307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15307" + }, + { + "name": "APPLE-SA-2005-05-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00006.html" + }, + { + "name": "[quartzcomposer-dev] 20050510 Quartz Quicktime embedded in remote webpages...", + "refsource": "MLIST", + "url": "http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00250.html" + }, + { + "name": "1013961", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013961" + }, + { + "name": "16376", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16376" + }, + { + "name": "[quartzcomposer-dev] 20050511 Re: Quartz Quicktime embedded in remote webpages...", + "refsource": "MLIST", + "url": "http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00263.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1843.json b/2005/1xxx/CVE-2005-1843.json index 43caef1fa88..e4aecb0b929 100644 --- a/2005/1xxx/CVE-2005-1843.json +++ b/2005/1xxx/CVE-2005-1843.json 
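Review bot: The `reference_data` array in this CVE-2005-1579 hunk comes back in a different order, not just re-indented: the two `[quartzcomposer-dev]` MLIST entries that were adjacent are now eighth and last, and the new order follows neither `refsource` nor `name`. Array order is significant in JSON, so consumers that diff or hash records will see a content change where only a formatting change seems intended; the hunks for CVE-2005-1843, CVE-2005-1935, CVE-2005-1994, CVE-2009-1194, CVE-2009-1534 and CVE-2009-1548 shuffle their references the same way. I would keep the original element order, or sort by a stated key such as `refsource` then `name`, so the output is reproducible. Each rewritten file also ends with `\ No newline at end of file`, so the closing `}` should be followed by a newline as it was before.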
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050829 Adobe Version Cue VCNative Arbitrary Library Loading Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=296&type=vulnerabilities" - }, - { - "name" : "http://www.adobe.com/support/techdocs/327129.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/techdocs/327129.html" - }, - { - "name" : "14638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14638" - }, - { - "name" : "1014776", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014776" - }, - { - "name" : "16541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16541" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14638" + }, + { + "name": "http://www.adobe.com/support/techdocs/327129.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/techdocs/327129.html" + }, + { + "name": "1014776", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014776" + }, + { + "name": "16541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16541" + }, + { + "name": "20050829 Adobe Version Cue VCNative Arbitrary Library Loading Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=296&type=vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1935.json b/2005/1xxx/CVE-2005-1935.json index 90912edf782..5e2af324449 100644 --- a/2005/1xxx/CVE-2005-1935.json +++ b/2005/1xxx/CVE-2005-1935.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phreedom.org/solar/exploits/msasn1-bitstring/", - "refsource" : "MISC", - "url" : "http://www.phreedom.org/solar/exploits/msasn1-bitstring/" - }, - { - "name" : "asn1-constructed-heap-overflow(20870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "asn1-constructed-heap-overflow(20870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20870" + }, + { + "name": "http://www.phreedom.org/solar/exploits/msasn1-bitstring/", + "refsource": "MISC", + "url": "http://www.phreedom.org/solar/exploits/msasn1-bitstring/" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1994.json b/2005/1xxx/CVE-2005-1994.json index 733e23bf8fd..c8aef954029 100644 --- a/2005/1xxx/CVE-2005-1994.json +++ b/2005/1xxx/CVE-2005-1994.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using \"%2e\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050614 URL-Encoding Problem in Finjan SurfinGate", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111877410528692&w=2" - }, - { - "name" : "ADV-2005-0778", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0778" - }, - { - "name" : "17324", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17324" - }, - { - "name" : "15711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15711" - }, - { - "name" : "finjan-surfingate-security-bypass(21010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using \"%2e\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17324", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17324" + }, + { + "name": "finjan-surfingate-security-bypass(21010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21010" + }, + { + "name": "20050614 URL-Encoding Problem in Finjan SurfinGate", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111877410528692&w=2" + }, + { + "name": "ADV-2005-0778", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0778" + }, + { + "name": "15711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15711" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0766.json b/2009/0xxx/CVE-2009-0766.json index 46c9d80d479..d58e751b462 100644 --- a/2009/0xxx/CVE-2009-0766.json +++ b/2009/0xxx/CVE-2009-0766.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33832" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1194.json b/2009/1xxx/CVE-2009-1194.json index e11d353df7c..b4d3e096797 100644 --- a/2009/1xxx/CVE-2009-1194.json +++ b/2009/1xxx/CVE-2009-1194.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503349/100/0/threaded" - }, - { - "name" : "[oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/07/1" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2009-001.html", - "refsource" : "MISC", - "url" : 
"http://www.ocert.org/advisories/ocert-2009-001.html" - }, - { - "name" : "http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e", - "refsource" : "CONFIRM", - "url" : "http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=480134", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=480134" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=496887", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=496887" - }, - { - "name" : "https://launchpad.net/bugs/cve/2009-1194", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/cve/2009-1194" - }, - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-36.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-36.html" - }, - { - "name" : "DSA-1798", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1798" - }, - { - "name" : "RHSA-2009:0476", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0476.html" - }, - { - "name" : "264308", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:039", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html" - }, - { - "name" : "USN-773-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-773-1" - }, - { - "name" : "34870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34870" - }, - { - 
"name" : "35758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35758" - }, - { - "name" : "54279", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54279" - }, - { - "name" : "oval:org.mitre.oval:def:10137", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137" - }, - { - "name" : "1022196", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022196" - }, - { - "name" : "35018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35018" - }, - { - "name" : "35021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35021" - }, - { - "name" : "35027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35027" - }, - { - "name" : "35038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35038" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "35914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35914" - }, - { - "name" : "36145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36145" - }, - { - "name" : "36005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36005" - }, - { - "name" : "ADV-2009-1269", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1269" - }, - { - "name" : "ADV-2009-1972", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1972" - }, - { - "name" : "pango-pangoglyphstringsetsize-bo(50397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows 
context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35038" + }, + { + "name": "DSA-1798", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1798" + }, + { + "name": "http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e", + "refsource": "CONFIRM", + "url": "http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e" + }, + { + "name": "RHSA-2009:0476", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0476.html" + }, + { + "name": "36145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36145" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=480134", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=480134" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2009-001.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2009-001.html" + }, + { + "name": "35018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35018" + }, + { + "name": "35021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35021" + }, + { + "name": "34870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34870" + }, + { + "name": "1022196", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022196" + }, + { + "name": "54279", + "refsource": "OSVDB", + "url": "http://osvdb.org/54279" + }, + { + "name": "SUSE-SA:2009:039", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html" + }, + { + "name": "[oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/07/1" + }, + { + "name": "ADV-2009-1269", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1269" + }, + { + "name": "35758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35758" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=496887", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496887" + }, + { + "name": "36005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36005" + }, + { + "name": "https://launchpad.net/bugs/cve/2009-1194", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/cve/2009-1194" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-36.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-36.html" + }, + { + "name": "USN-773-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-773-1" + }, + { + "name": "SUSE-SA:2009:042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:10137", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137" + }, + { + "name": "35914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35914" + }, + { + "name": "ADV-2009-1972", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2009/1972" + }, + { + "name": "35027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35027" + }, + { + "name": "20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503349/100/0/threaded" + }, + { + "name": "pango-pangoglyphstringsetsize-bo(50397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50397" + }, + { + "name": "264308", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1534.json b/2009/1xxx/CVE-2009-1534.json index 5fe6e1e4ad8..25e4ce1813d 100644 --- a/2009/1xxx/CVE-2009-1534.json +++ b/2009/1xxx/CVE-2009-1534.json 
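Review bot: The `ASSIGNER` value in this CVE-2009-1194 hunk changes from `cve@mitre.org` to `secalert@redhat.com`, which alters the record's attribution inside what otherwise reads as a spacing and ordering rewrite. Anyone filtering or trusting records by assigner will see different data after this commit, and the edit is easy to miss among 212 rewritten lines. The CVE-2009-1534 hunk does the same with `secure@microsoft.com`. If the reassignment is intended, it would be clearer as its own commit or named in the commit message; no commit message is visible here, so I cannot tell whether it is.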
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka \"Office Web Components Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043" - }, - { - "name" : "TA09-223A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" - }, - { - "name" : "35992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35992" - }, - { - "name" : "56916", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56916" - }, - { - "name" : "oval:org.mitre.oval:def:6326", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326" - }, - { - "name" : "1022708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka \"Office Web Components Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56916", + "refsource": "OSVDB", + "url": "http://osvdb.org/56916" + }, + { + "name": "TA09-223A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" + }, + { + "name": "oval:org.mitre.oval:def:6326", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326" + }, + { + "name": "35992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35992" + }, + { + "name": "1022708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022708" + }, + { + "name": "MS09-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1548.json b/2009/1xxx/CVE-2009-1548.json index 69b6b49ebf9..1f46c67260d 100644 --- a/2009/1xxx/CVE-2009-1548.json +++ b/2009/1xxx/CVE-2009-1548.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8600", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8600" - }, - { - "name" : "34811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34811" - }, - { - "name" : "54221", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54221" - }, - { - "name" : "34998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34998" - }, - { - "name" : "ADV-2009-1246", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to 
execute arbitrary SQL commands via the news_id parameter in a read action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1246", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1246" + }, + { + "name": "54221", + "refsource": "OSVDB", + "url": "http://osvdb.org/54221" + }, + { + "name": "8600", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8600" + }, + { + "name": "34998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34998" + }, + { + "name": "34811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34811" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1584.json b/2009/1xxx/CVE-2009-1584.json index f4c129ae781..84ad2d9aa5f 100644 --- a/2009/1xxx/CVE-2009-1584.json +++ b/2009/1xxx/CVE-2009-1584.json 
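Review bot: The `reference_data` array comes out in a different order on the new side with no visible sort key: here it runs VUPEN, OSVDB, EXPLOIT-DB, SECUNIA, BID, where the old side ran EXPLOIT-DB, BID, OSVDB, SECUNIA, VUPEN. The same reshuffle shows in the other hunks of this diff that carry references (CVE-2009-1534, CVE-2009-1584, CVE-2009-1832, CVE-2012-0012, CVE-2012-0290, CVE-2012-0625, CVE-2012-3157). The order presumably carries no meaning for these records, but tooling that diffs records to spot added or removed advisories will report every entry as changed. Emitting the entries in a stable order, for instance sorted by `refsource` and then `name`, would keep later reference changes reviewable.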
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090505 BLIND SQL INJECTION EXPLOIT--TemaTres 1.0.3-->", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503256" - }, - { - "name" : "20090505 MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503252/100/0/threaded" - }, - { - "name" : "8615", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8615" - }, - { - "name" : "8616", - "refsource" : "EXPLOIT-DB", - "url" : 
"https://www.exploit-db.com/exploits/8616" - }, - { - "name" : "34830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34830" - }, - { - "name" : "54245", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54245" - }, - { - "name" : "54246", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54246" - }, - { - "name" : "34983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090505 BLIND SQL INJECTION EXPLOIT--TemaTres 1.0.3-->", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503256" + }, + { + "name": "8615", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8615" + }, + { + "name": "54246", + "refsource": "OSVDB", + "url": "http://osvdb.org/54246" + }, + { + "name": "34830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34830" + }, + { + "name": "54245", + "refsource": "OSVDB", + "url": "http://osvdb.org/54245" + }, + { + "name": "8616", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8616" + }, + { + "name": "20090505 MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503252/100/0/threaded" + }, + { + "name": "34983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34983" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1832.json b/2009/1xxx/CVE-2009-1832.json index 13909245b35..75b28319d63 100644 --- a/2009/1xxx/CVE-2009-1832.json +++ b/2009/1xxx/CVE-2009-1832.json 
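Review bot: The new side of this file ends at the closing `}` with `\ No newline at end of file`, while the old side ended with a newline; the same marker follows every other file in this diff. Tools that concatenate or stream these records line by line can mishandle an unterminated last line, and a later edit that restores the newline will show up as a spurious change to the final line. The serializer should write a terminating newline after the final `}`.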
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving \"double frame construction.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-24.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=484031", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=484031" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503569", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503569" - }, - { - "name" : "DSA-1820", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1820" - }, - { - "name" : "DSA-1830", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1830" - }, - { - "name" : "FEDORA-2009-6366", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html" - }, - { - "name" : "FEDORA-2009-6411", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html" - }, - { - "name" : "FEDORA-2009-7567", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html" - }, - { - "name" : "FEDORA-2009-7614", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html" - }, - { - "name" : "MDVSA-2009:141", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" - }, - { - "name" : "RHSA-2009:1095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html" - }, - { - "name" : "SSA:2009-167-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468" - }, - { - "name" : "SSA:2009-176-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408" - }, - { - "name" : "SSA:2009-178-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275" - }, - { - "name" : "265068", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1" - }, - { - "name" : "1020800", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1" - }, - { - "name" : "35326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35326" - }, - { - "name" : "35371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35371" - 
}, - { - "name" : "55148", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55148" - }, - { - "name" : "oval:org.mitre.oval:def:10237", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10237" - }, - { - "name" : "1022376", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022376" - }, - { - "name" : "1022397", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022397" - }, - { - "name" : "35331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35331" - }, - { - "name" : "35431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35431" - }, - { - "name" : "35439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35439" - }, - { - "name" : "35440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35440" - }, - { - "name" : "35468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35468" - }, - { - "name" : "35415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35415" - }, - { - "name" : "35561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35561" - }, - { - "name" : "35602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35602" - }, - { - "name" : "35882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35882" - }, - { - "name" : "ADV-2009-1572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1572" - }, - { - "name" : "ADV-2009-2152", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory 
corruption and application crash) or possibly execute arbitrary code via vectors involving \"double frame construction.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=484031", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=484031" + }, + { + "name": "265068", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1" + }, + { + "name": "ADV-2009-1572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1572" + }, + { + "name": "1020800", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1" + }, + { + "name": "SSA:2009-178-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275" + }, + { + "name": "DSA-1830", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1830" + }, + { + "name": "oval:org.mitre.oval:def:10237", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10237" + }, + { + "name": "35602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35602" + }, + { + "name": "FEDORA-2009-7614", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html" + }, + { + "name": "35326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35326" + }, + { + "name": "35440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35440" + }, + { + "name": "FEDORA-2009-6411", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html" + }, + { + "name": "35431", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/35431" + }, + { + "name": "55148", + "refsource": "OSVDB", + "url": "http://osvdb.org/55148" + }, + { + "name": "FEDORA-2009-7567", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html" + }, + { + "name": "35331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35331" + }, + { + "name": "35468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35468" + }, + { + "name": "ADV-2009-2152", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2152" + }, + { + "name": "35439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35439" + }, + { + "name": "35882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35882" + }, + { + "name": "FEDORA-2009-6366", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html" + }, + { + "name": "MDVSA-2009:141", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" + }, + { + "name": "35415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35415" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=503569", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503569" + }, + { + "name": "RHSA-2009:1095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html" + }, + { + "name": "1022376", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022376" + }, + { + "name": "SSA:2009-167-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468" + }, + { + "name": "35561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35561" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-24.html", + "refsource": "CONFIRM", + "url": 
"http://www.mozilla.org/security/announce/2009/mfsa2009-24.html" + }, + { + "name": "SSA:2009-176-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408" + }, + { + "name": "DSA-1820", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1820" + }, + { + "name": "1022397", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022397" + }, + { + "name": "35371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35371" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0012.json b/2012/0xxx/CVE-2012-0012.json index 28291899f8d..2790bc76d41 100644 --- a/2012/0xxx/CVE-2012-0012.json +++ b/2012/0xxx/CVE-2012-0012.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka \"Null Byte Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010" - }, - { - "name" : "TA12-045A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14870", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 does not properly 
handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka \"Null Byte Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-045A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" + }, + { + "name": "MS12-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010" + }, + { + "name": "oval:org.mitre.oval:def:14870", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14870" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0290.json b/2012/0xxx/CVE-2012-0290.json index 027c750f50b..c8828385ade 100644 --- a/2012/0xxx/CVE-2012-0290.json +++ b/2012/0xxx/CVE-2012-0290.json 
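Review bot: The only semantic change in this hunk, `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org`, is buried in a rewrite of all 72 lines for formatting (the space before each colon is dropped). The hunks for CVE-2009-1534, CVE-2009-1832, CVE-2012-0625 and CVE-2012-3157 change `ASSIGNER` the same way (to secure@microsoft.com, secalert@redhat.com, product-security@apple.com and secalert_us@oracle.com), while the other hunks keep `cve@mitre.org`. Since this field appears to attribute the record to an assigning organisation, a change to it deserves its own commit, or at least a line in the commit message, so a reviewer can check it without reading through whitespace churn.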
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an \"open client session.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00" - }, - { - "name" : "51862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51862" - }, - { - 
"name" : "48092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48092" - }, - { - "name" : "pcanywhere-unauth-access(72996)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an \"open client session.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51862" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00" + }, + { + "name": "pcanywhere-unauth-access(72996)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72996" + }, + { + "name": "48092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48092" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0625.json b/2012/0xxx/CVE-2012-0625.json index 14b2f4f961a..f9cc7a5d4dd 100644 --- a/2012/0xxx/CVE-2012-0625.json +++ b/2012/0xxx/CVE-2012-0625.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : 
"oval:org.mitre.oval:def:17364", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17364" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "oval:org.mitre.oval:def:17364", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17364" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2344.json b/2012/2xxx/CVE-2012-2344.json index abf6b988f14..3da2d375c20 100644 --- a/2012/2xxx/CVE-2012-2344.json +++ b/2012/2xxx/CVE-2012-2344.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2344", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candidate is a duplicate of CVE-2010-5099. Notes: All CVE users should reference CVE-2010-5099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2344", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candidate is a duplicate of CVE-2010-5099. Notes: All CVE users should reference CVE-2010-5099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3023.json b/2012/3xxx/CVE-2012-3023.json index 00152fa0b42..68e11bae5b9 100644 --- a/2012/3xxx/CVE-2012-3023.json +++ b/2012/3xxx/CVE-2012-3023.json 
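Review bot: This record is serialized with a different key order from every other file in the diff: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the other new-side records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order is not significant to a JSON parser, but the mismatch suggests this file went through a different writer, and it defeats byte-level comparison or hashing across records. Writing it with the same key order as the rest, as the adjacent CVE-2012-3023 hunk does, would keep the set uniform.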
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3023", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3023", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3157.json b/2012/3xxx/CVE-2012-3157.json index 90f34c48ddc..02fa0b88147 100644 --- a/2012/3xxx/CVE-2012-3157.json +++ b/2012/3xxx/CVE-2012-3157.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote authenticated users to affect integrity, related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "51019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51019" - }, - { - "name" : "flexcubedirectbanking-base-cve20123157(79360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote authenticated users to affect integrity, related to BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flexcubedirectbanking-base-cve20123157(79360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79360" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "51019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51019" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3230.json b/2012/3xxx/CVE-2012-3230.json index cbfabc34629..59032211f77 100644 --- a/2012/3xxx/CVE-2012-3230.json +++ b/2012/3xxx/CVE-2012-3230.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "86383", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86383" - }, - { - "name" : "1027674", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027674" - }, - { - "name" : "51002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86383", + "refsource": "OSVDB", + "url": "http://osvdb.org/86383" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "1027674", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027674" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "51002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51002" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3387.json b/2012/3xxx/CVE-2012-3387.json index a1052e2c39c..d3942293e89 100644 --- a/2012/3xxx/CVE-2012-3387.json +++ b/2012/3xxx/CVE-2012-3387.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120717 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/07/17/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948" - }, - { - "name" : "54481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54481" - }, - { - "name" : "49890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49890" - }, - { - "name" : "moodle-shortcut-sec-bypass(76954)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/76954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948" + }, + { + "name": "49890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49890" + }, + { + "name": "[oss-security] 20120717 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/07/17/1" + }, + { + "name": "54481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54481" + }, + { + "name": "moodle-shortcut-sec-bypass(76954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76954" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4012.json b/2012/4xxx/CVE-2012-4012.json index 6d78c74e8fa..fefed18aab3 100644 --- a/2012/4xxx/CVE-2012-4012.json +++ b/2012/4xxx/CVE-2012-4012.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-4012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20120910up02.php", - "refsource" : "CONFIRM", - "url" : "http://cs.cybozu.co.jp/information/20120910up02.php" - }, - { - "name" : "JVN#59652356", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN59652356/index.html" - }, - { - "name" : "JVNDB-2012-000084", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers 
to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2012-000084", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084" + }, + { + "name": "http://cs.cybozu.co.jp/information/20120910up02.php", + "refsource": "CONFIRM", + "url": "http://cs.cybozu.co.jp/information/20120910up02.php" + }, + { + "name": "JVN#59652356", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN59652356/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4513.json b/2012/4xxx/CVE-2012-4513.json index af91b490438..a97cb036fb8 100644 --- a/2012/4xxx/CVE-2012-4513.json +++ b/2012/4xxx/CVE-2012-4513.json 
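Review bot: This hunk changes record content inside what otherwise reads as a whitespace normalization (`" : "` to `": "`): `ASSIGNER` goes from `cve@mitre.org` to `vultures@jpcert.or.jp`. The same kind of reassignment appears in the hunks for CVE-2012-3157 and CVE-2012-3230 (`secalert_us@oracle.com`), CVE-2012-3387 and CVE-2012-4513 (`secalert@redhat.com`), and CVE-2012-4619 (`psirt@cisco.com`). Anything that uses `ASSIGNER` to attribute a record to a CNA will see these as a change of source, so the reassignment should be stated in the commit description or split from the formatting pass; the description is not visible in this part of the diff. The `reference_data` entries are also reordered here (JVNDB, CONFIRM, JVN instead of CONFIRM, JVN, JVNDB), so a line diff cannot show that no reference was added or dropped; a stable sort on `refsource` and `name` would make that checkable.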
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121030 Medium risk security flaws in Konqueror", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html" - }, - { - "name" : "[oss-security] 20121011 Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/11/11" - }, - { - "name" : "[oss-security] 20121030 Medium risk security flaws in Konqueror", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/30/6" - }, - { - "name" : "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc", - "refsource" : "MISC", - "url" : 
"http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc" - }, - { - "name" : "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=1f8b1b034ccf1713a5d123a4c327290f86d17d53", - "refsource" : "CONFIRM", - "url" : "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=1f8b1b034ccf1713a5d123a4c327290f86d17d53" - }, - { - "name" : "RHSA-2012:1416", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1416.html" - }, - { - "name" : "RHSA-2012:1418", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1418.html" - }, - { - "name" : "1027709", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027709" - }, - { - "name" : "51097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51097" - }, - { - "name" : "51145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51145" + }, + { + "name": "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=1f8b1b034ccf1713a5d123a4c327290f86d17d53", + "refsource": "CONFIRM", + "url": "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=1f8b1b034ccf1713a5d123a4c327290f86d17d53" + }, + { + "name": "RHSA-2012:1418", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1418.html" + }, + { + "name": "RHSA-2012:1416", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1416.html" + }, + { + "name": "1027709", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027709" + }, + { + "name": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc", + "refsource": "MISC", + "url": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc" + }, + { + "name": "[oss-security] 20121011 Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/11/11" + }, + { + "name": "20121030 Medium risk security flaws in Konqueror", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html" + }, + { + "name": "[oss-security] 20121030 Medium risk security flaws in Konqueror", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/30/6" + }, + { + "name": "51097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51097" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4619.json b/2012/4xxx/CVE-2012-4619.json index fad0b510fa5..ac6d2c566bf 100644 --- a/2012/4xxx/CVE-2012-4619.json +++ b/2012/4xxx/CVE-2012-4619.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120926 Cisco IOS Software Network Address Translation Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-nat" - }, - { - "name" : "55705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55705" - }, - { - "name" : "1027579", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via 
transit IP packets, aka Bug ID CSCtr46123." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120926 Cisco IOS Software Network Address Translation Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-nat" + }, + { + "name": "55705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55705" + }, + { + "name": "1027579", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027579" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4666.json b/2012/4xxx/CVE-2012-4666.json index 64ffb126c17..a80a4a60315 100644 --- a/2012/4xxx/CVE-2012-4666.json +++ b/2012/4xxx/CVE-2012-4666.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4666", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4666", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2012/4xxx/CVE-2012-4692.json b/2012/4xxx/CVE-2012-4692.json index d930e7235a3..1a64d282013 100644 --- a/2012/4xxx/CVE-2012-4692.json +++ b/2012/4xxx/CVE-2012-4692.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4692", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4692", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6451.json b/2012/6xxx/CVE-2012-6451.json index 52de6ee0c36..25d1f467e23 100644 --- a/2012/6xxx/CVE-2012-6451.json +++ b/2012/6xxx/CVE-2012-6451.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6451", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6451", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6660.json b/2012/6xxx/CVE-2012-6660.json index dcddf5e2ef2..7501bf44651 100644 --- a/2012/6xxx/CVE-2012-6660.json +++ b/2012/6xxx/CVE-2012-6660.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" - }, - { - "name" : "https://twitter.com/digitalbond/status/619250429751222277", - "refsource" : "MISC", - "url" : "https://twitter.com/digitalbond/status/619250429751222277" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" - }, - { - "name" : 
"http://apps.gehealthcare.com/servlet/ClientServlet/2407310-100+Vol.+F_Rev1.pdf?REQ=RAA&DIRECTION=2407310-100+Vol.+F&FILENAME=2407310-100%2BVol.%2BF_Rev1.pdf&FILEREV=1&DOCREV_ORG=1", - "refsource" : "CONFIRM", - "url" : "http://apps.gehealthcare.com/servlet/ClientServlet/2407310-100+Vol.+F_Rev1.pdf?REQ=RAA&DIRECTION=2407310-100+Vol.+F&FILENAME=2407310-100%2BVol.%2BF_Rev1.pdf&FILEREV=1&DOCREV_ORG=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://apps.gehealthcare.com/servlet/ClientServlet/2407310-100+Vol.+F_Rev1.pdf?REQ=RAA&DIRECTION=2407310-100+Vol.+F&FILENAME=2407310-100%2BVol.%2BF_Rev1.pdf&FILEREV=1&DOCREV_ORG=1", + "refsource": "CONFIRM", + "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2407310-100+Vol.+F_Rev1.pdf?REQ=RAA&DIRECTION=2407310-100+Vol.+F&FILENAME=2407310-100%2BVol.%2BF_Rev1.pdf&FILEREV=1&DOCREV_ORG=1" + }, + { + "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" + }, + { + "name": "https://twitter.com/digitalbond/status/619250429751222277", + "refsource": "MISC", + "url": "https://twitter.com/digitalbond/status/619250429751222277" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", + "refsource": 
"MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2178.json b/2017/2xxx/CVE-2017-2178.json index 8cb7c2d55cc..11b533cd39a 100644 --- a/2017/2xxx/CVE-2017-2178.json +++ b/2017/2xxx/CVE-2017-2178.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of electronic tendering and bid opening system", - "version" : { - "version_data" : [ - { - "version_value" : "available prior to May 25, 2017" - } - ] - } - } - ] - }, - "vendor_name" : "Acquisition, Technology & Logistics Agency" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of electronic tendering and bid opening system", + "version": { + "version_data": [ + { + "version_value": "available prior to May 25, 2017" + } + ] + } + } + ] + }, + "vendor_name": "Acquisition, Technology & Logistics Agency" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html", - "refsource" : "CONFIRM", - "url" : "http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html" - }, - { - "name" : "JVN#75514460", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN75514460/index.html" - }, - { - "name" : "98725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98725" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#75514460", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN75514460/index.html" + }, + { + "name": "98725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98725" + }, + { + "name": "http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html", + "refsource": "CONFIRM", + "url": "http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2187.json b/2017/2xxx/CVE-2017-2187.json index 4f80389254a..619f69d760d 100644 --- a/2017/2xxx/CVE-2017-2187.json +++ b/2017/2xxx/CVE-2017-2187.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2017-2187",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "WP Live Chat Support",
- "version" : {
- "version_data" : [
- {
- "version_value" : "prior to version 7.0.07"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "CODECABIN_"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2017-2187",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Live Chat Support",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to version 7.0.07"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "CODECABIN_"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://plugins.trac.wordpress.org/changeset/1658232/",
- "refsource" : "CONFIRM",
- "url" : "https://plugins.trac.wordpress.org/changeset/1658232/"
- },
- {
- "name" : "JVN#70951878",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN70951878/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://plugins.trac.wordpress.org/changeset/1658232/",
+ "refsource": "CONFIRM",
+ "url": "https://plugins.trac.wordpress.org/changeset/1658232/"
+ },
+ {
+ "name": "JVN#70951878",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN70951878/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2677.json b/2017/2xxx/CVE-2017-2677.json
index 313c5f6db22..bac484d4cfa 100644
--- a/2017/2xxx/CVE-2017-2677.json
+++ b/2017/2xxx/CVE-2017-2677.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-2677",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-2677",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6130.json b/2017/6xxx/CVE-2017-6130.json
index b9bfd775da7..934cc8123e5 100644
--- a/2017/6xxx/CVE-2017-6130.json
+++ b/2017/6xxx/CVE-2017-6130.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "f5sirt@f5.com",
- "ID" : "CVE-2017-6130",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0",
- "version" : {
- "version_data" : [
- {
- "version_value" : "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "F5 Networks"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Server-Side Request Forgery"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "f5sirt@f5.com",
+ "ID": "CVE-2017-6130",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "F5 Networks"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.f5.com/csp/article/K23001529",
- "refsource" : "CONFIRM",
- "url" : "https://support.f5.com/csp/article/K23001529"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Server-Side Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.f5.com/csp/article/K23001529",
+ "refsource": "CONFIRM",
+ "url": "https://support.f5.com/csp/article/K23001529"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6195.json b/2017/6xxx/CVE-2017-6195.json
index f924dbacf68..eb1d58fef2c 100644
--- a/2017/6xxx/CVE-2017-6195.json
+++ b/2017/6xxx/CVE-2017-6195.json
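Review bot: The description `value` on the new side still reads `(DDB) feature feature plus SNAT Auto Map`, so the doubled word is carried through the reformat unchanged. The corrected text would be `... Dynamic Domain Bypass (DDB) feature plus SNAT Auto Map option for egress traffic.`, submitted through the assigning CNA if this repository only mirrors their record. In the same record `product_name` and `version_value` both hold the combined string `SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0`. Tooling that matches assets on product name or parses a version range from these fields will probably not match either product, so splitting them into two `product_data` entries with real version values would make the record usable for automated matching.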
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6195",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6195",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.siberas.de/assets/papers/ssa-1705_IPSWITCH_SQLinjection.txt",
- "refsource" : "MISC",
- "url" : "https://www.siberas.de/assets/papers/ssa-1705_IPSWITCH_SQLinjection.txt"
- },
- {
- "name" : "http://ft.ipswitch.com/rs/751-HBN-596/images/Ipswitch-Security-Bulletin-FT-Vulnerability.pdf",
- "refsource" : "CONFIRM",
- "url" : "http://ft.ipswitch.com/rs/751-HBN-596/images/Ipswitch-Security-Bulletin-FT-Vulnerability.pdf"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://ft.ipswitch.com/rs/751-HBN-596/images/Ipswitch-Security-Bulletin-FT-Vulnerability.pdf",
+ "refsource": "CONFIRM",
+ "url": "http://ft.ipswitch.com/rs/751-HBN-596/images/Ipswitch-Security-Bulletin-FT-Vulnerability.pdf"
+ },
+ {
+ "name": "https://www.siberas.de/assets/papers/ssa-1705_IPSWITCH_SQLinjection.txt",
+ "refsource": "MISC",
+ "url": "https://www.siberas.de/assets/papers/ssa-1705_IPSWITCH_SQLinjection.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6251.json b/2017/6xxx/CVE-2017-6251.json
index 2690908485e..4325f9ea4c9 100644
--- a/2017/6xxx/CVE-2017-6251.json
+++ b/2017/6xxx/CVE-2017-6251.json
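Review bot: The `affects` block on the new side still has `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names Ipswitch MOVEit Transfer and lists three fixed versions, and `problemtype` is `n/a` for what the description calls SQL injection. A consumer that keys on the structured fields to find exposed assets gets no match for a pre-authentication flaw. If these records are edited here rather than only mirrored, vendor, product, a version bound and a problem type are worth filling from the description. The same gap is visible in the CVE-2017-6500 (ImageMagick 6.9.7), CVE-2018-11500 (PublicCMS V4.0.20180210) and CVE-2018-14396 (Creme CRM 1.6.12) sections.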
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@nvidia.com",
- "DATE_PUBLIC" : "2017-07-27T00:00:00",
- "ID" : "CVE-2017-6251",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "NVIDIA Windows GPU Display Driver",
- "version" : {
- "version_data" : [
- {
- "version_value" : "All"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Nvidia Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Escalation of Privileges"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@nvidia.com",
+ "DATE_PUBLIC": "2017-07-27T00:00:00",
+ "ID": "CVE-2017-6251",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NVIDIA Windows GPU Display Driver",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Nvidia Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4525",
- "refsource" : "CONFIRM",
- "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4525"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525",
+ "refsource": "CONFIRM",
+ "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6289.json b/2017/6xxx/CVE-2017-6289.json
index 82c13ef1612..24a5a14e49a 100644
--- a/2017/6xxx/CVE-2017-6289.json
+++ b/2017/6xxx/CVE-2017-6289.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@nvidia.com",
- "DATE_PUBLIC" : "2018-05-07T00:00:00",
- "ID" : "CVE-2017-6289",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "NA"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Nvidia Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Android before the 2018-05-05 security patch level, NVIDIA Trusted Execution Environment (TEE) contains a memory corruption (due to unusual root cause) vulnerability, which if run within the speculative execution of the TEE, may lead to local escalation of privileges. This issue is rated as critical. Android: A-72830049. Reference: N-CVE-2017-6289."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Elevation of privileges"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@nvidia.com",
+ "DATE_PUBLIC": "2018-05-07T00:00:00",
+ "ID": "CVE-2017-6289",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "NA"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Nvidia Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/2018-05-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2018-05-01"
- },
- {
- "name" : "104145",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104145"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Android before the 2018-05-05 security patch level, NVIDIA Trusted Execution Environment (TEE) contains a memory corruption (due to unusual root cause) vulnerability, which if run within the speculative execution of the TEE, may lead to local escalation of privileges. This issue is rated as critical. Android: A-72830049. Reference: N-CVE-2017-6289."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "104145",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104145"
+ },
+ {
+ "name": "https://source.android.com/security/bulletin/2018-05-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2018-05-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6337.json b/2017/6xxx/CVE-2017-6337.json
index 33d5ae69fc3..83dae9e3a3e 100644
--- a/2017/6xxx/CVE-2017-6337.json
+++ b/2017/6xxx/CVE-2017-6337.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6337",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6337",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6500.json b/2017/6xxx/CVE-2017-6500.json
index 81f0a425cbe..d4130eec217 100644
--- a/2017/6xxx/CVE-2017-6500.json
+++ b/2017/6xxx/CVE-2017-6500.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6500",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6500",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugs.debian.org/856879",
- "refsource" : "CONFIRM",
- "url" : "https://bugs.debian.org/856879"
- },
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528"
- },
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/issues/375",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/375"
- },
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/issues/376",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/376"
- },
- {
- "name" : "DSA-3808",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3808"
- },
- {
- "name" : "96592",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96592"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528"
+ },
+ {
+ "name": "https://bugs.debian.org/856879",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.debian.org/856879"
+ },
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/376",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/376"
+ },
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/375",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/375"
+ },
+ {
+ "name": "96592",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96592"
+ },
+ {
+ "name": "DSA-3808",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3808"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6523.json b/2017/6xxx/CVE-2017-6523.json
index 1090147ddc4..fde71731b4f 100644
--- a/2017/6xxx/CVE-2017-6523.json
+++ b/2017/6xxx/CVE-2017-6523.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6523",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6523",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7818.json b/2017/7xxx/CVE-2017-7818.json
index 52e97f74be8..cf475474737 100644
--- a/2017/7xxx/CVE-2017-7818.json
+++ b/2017/7xxx/CVE-2017-7818.json
@@ -1,140 +1,140 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@mozilla.org",
- "ID" : "CVE-2017-7818",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Firefox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "56"
- }
- ]
- }
- },
- {
- "product_name" : "Firefox ESR",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "52.4"
- }
- ]
- }
- },
- {
- "product_name" : "Thunderbird",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "52.4"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Mozilla"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Use-after-free during ARIA array manipulation"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2017-7818",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "56"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "52.4"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "52.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mozilla"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1363723",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1363723"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-22/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-22/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-23/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-23/"
- },
- {
- "name" : "DSA-3987",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2017/dsa-3987"
- },
- {
- "name" : "DSA-4014",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2017/dsa-4014"
- },
- {
- "name" : "GLSA-201803-14",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201803-14"
- },
- {
- "name" : "RHSA-2017:2831",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2831"
- },
- {
- "name" : "RHSA-2017:2885",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2885"
- },
- {
- "name" : "101055",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101055"
- },
- {
- "name" : "1039465",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039465"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free during ARIA array manipulation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-22/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-22/"
+ },
+ {
+ "name": "1039465",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039465"
+ },
+ {
+ "name": "RHSA-2017:2831",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2831"
+ },
+ {
+ "name": "RHSA-2017:2885",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2885"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/"
+ },
+ {
+ "name": "101055",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101055"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1363723",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1363723"
+ },
+ {
+ "name": "DSA-4014",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2017/dsa-4014"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-23/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-23/"
+ },
+ {
+ "name": "DSA-3987",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2017/dsa-3987"
+ },
+ {
+ "name": "GLSA-201803-14",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201803-14"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11500.json b/2018/11xxx/CVE-2018-11500.json
index ffea6f3ef2e..4444fcba58d 100644
--- a/2018/11xxx/CVE-2018-11500.json
+++ b/2018/11xxx/CVE-2018-11500.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11500",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in \"admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list\" that can add an admin account."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11500",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/sanluan/PublicCMS/issues/11",
- "refsource" : "MISC",
- "url" : "https://github.com/sanluan/PublicCMS/issues/11"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in \"admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list\" that can add an admin account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/sanluan/PublicCMS/issues/11",
+ "refsource": "MISC",
+ "url": "https://github.com/sanluan/PublicCMS/issues/11"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14291.json b/2018/14xxx/CVE-2018-14291.json
index f8d7c965943..61269d1851a 100644
--- a/2018/14xxx/CVE-2018-14291.json
+++ b/2018/14xxx/CVE-2018-14291.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-14291",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Foxit Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.0.1.5096"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6231."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-416-Use After Free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-14291",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Foxit Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.0.1.5096"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zerodayinitiative.com/advisories/ZDI-18-751",
- "refsource" : "MISC",
- "url" : "https://zerodayinitiative.com/advisories/ZDI-18-751"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6231."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-18-751",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-18-751"
+ },
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14396.json b/2018/14xxx/CVE-2018-14396.json
index d72bad9667f..c496a13ee00 100644
--- a/2018/14xxx/CVE-2018-14396.json
+++ b/2018/14xxx/CVE-2018-14396.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14396",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14396",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/",
- "refsource" : "MISC",
- "url" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/",
+ "refsource": "MISC",
+ "url": "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14489.json b/2018/14xxx/CVE-2018-14489.json
index b0c9ac5b549..dcbd28b2fe4 100644
--- a/2018/14xxx/CVE-2018-14489.json
+++ b/2018/14xxx/CVE-2018-14489.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14489",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14489",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15240.json b/2018/15xxx/CVE-2018-15240.json
index de462ee6f57..7f6256c762b 100644
--- a/2018/15xxx/CVE-2018-15240.json
+++ b/2018/15xxx/CVE-2018-15240.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15240",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15240",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15317.json b/2018/15xxx/CVE-2018-15317.json
index c84f3990223..4555f4b2d55 100644
--- a/2018/15xxx/CVE-2018-15317.json
+++ b/2018/15xxx/CVE-2018-15317.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "f5sirt@f5.com",
- "ID" : "CVE-2018-15317",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "F5 Networks, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "DoS"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "f5sirt@f5.com",
+ "ID": "CVE-2018-15317",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "F5 Networks, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.f5.com/csp/article/K43625118",
- "refsource" : "CONFIRM",
- "url" : "https://support.f5.com/csp/article/K43625118"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.f5.com/csp/article/K43625118",
+ "refsource": "CONFIRM",
+ "url": "https://support.f5.com/csp/article/K43625118"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15633.json b/2018/15xxx/CVE-2018-15633.json
index 5de46936996..a076a66bd77 100644
--- a/2018/15xxx/CVE-2018-15633.json
+++ b/2018/15xxx/CVE-2018-15633.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15633",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15633",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20105.json b/2018/20xxx/CVE-2018-20105.json
index 13c9f9baec5..28a219fdba9 100644
--- a/2018/20xxx/CVE-2018-20105.json
+++ b/2018/20xxx/CVE-2018-20105.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20105",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20105",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20416.json b/2018/20xxx/CVE-2018-20416.json
index c1c0577424f..fce80b3fbc2 100644
--- a/2018/20xxx/CVE-2018-20416.json
+++ b/2018/20xxx/CVE-2018-20416.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20416",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20416",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20710.json b/2018/20xxx/CVE-2018-20710.json
index 0e3e1f08c38..1d3a35eb09d 100644
--- a/2018/20xxx/CVE-2018-20710.json
+++ b/2018/20xxx/CVE-2018-20710.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20710",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20710",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/jbeder/yaml-cpp/issues/660",
- "refsource" : "MISC",
- "url" : "https://github.com/jbeder/yaml-cpp/issues/660"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/jbeder/yaml-cpp/issues/660",
+ "refsource": "MISC",
+ "url": "https://github.com/jbeder/yaml-cpp/issues/660"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9674.json b/2018/9xxx/CVE-2018-9674.json
index 74a775a7fe8..58d7664c4d3 100644
--- a/2018/9xxx/CVE-2018-9674.json
+++ b/2018/9xxx/CVE-2018-9674.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9674",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9674",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file