From 0b827463d0044328cebd88983876e2f677b16461 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:35:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0024.json | 130 +++++++------- 2002/0xxx/CVE-2002-0443.json | 140 +++++++-------- 2002/0xxx/CVE-2002-0457.json | 140 +++++++-------- 2002/0xxx/CVE-2002-0821.json | 130 +++++++------- 2002/1xxx/CVE-2002-1151.json | 220 +++++++++++------------ 2002/1xxx/CVE-2002-1396.json | 200 ++++++++++----------- 2002/1xxx/CVE-2002-1397.json | 180 +++++++++---------- 2002/1xxx/CVE-2002-1610.json | 150 ++++++++-------- 2002/2xxx/CVE-2002-2230.json | 130 +++++++------- 2002/2xxx/CVE-2002-2273.json | 150 ++++++++-------- 2005/1xxx/CVE-2005-1657.json | 180 +++++++++---------- 2005/1xxx/CVE-2005-1938.json | 34 ++-- 2005/1xxx/CVE-2005-1949.json | 150 ++++++++-------- 2009/1xxx/CVE-2009-1266.json | 170 +++++++++--------- 2009/1xxx/CVE-2009-1515.json | 190 ++++++++++---------- 2009/1xxx/CVE-2009-1601.json | 160 ++++++++--------- 2009/5xxx/CVE-2009-5110.json | 120 ++++++------- 2012/0xxx/CVE-2012-0147.json | 190 ++++++++++---------- 2012/0xxx/CVE-2012-0443.json | 270 ++++++++++++++-------------- 2012/0xxx/CVE-2012-0659.json | 170 +++++++++--------- 2012/2xxx/CVE-2012-2266.json | 34 ++-- 2012/2xxx/CVE-2012-2647.json | 130 +++++++------- 2012/3xxx/CVE-2012-3398.json | 160 ++++++++--------- 2012/3xxx/CVE-2012-3536.json | 132 +++++++------- 2012/3xxx/CVE-2012-3679.json | 170 +++++++++--------- 2012/4xxx/CVE-2012-4025.json | 180 +++++++++---------- 2012/4xxx/CVE-2012-4330.json | 180 +++++++++---------- 2012/4xxx/CVE-2012-4446.json | 160 ++++++++--------- 2012/4xxx/CVE-2012-4544.json | 320 ++++++++++++++++----------------- 2012/4xxx/CVE-2012-4836.json | 140 +++++++-------- 2012/6xxx/CVE-2012-6288.json | 34 ++-- 2012/6xxx/CVE-2012-6691.json | 150 ++++++++-------- 2017/2xxx/CVE-2017-2036.json | 34 ++-- 2017/2xxx/CVE-2017-2087.json | 34 ++-- 2017/2xxx/CVE-2017-2270.json | 130 +++++++------- 2017/2xxx/CVE-2017-2754.json | 34 ++-- 2017/2xxx/CVE-2017-2969.json | 130 +++++++------- 2017/6xxx/CVE-2017-6517.json | 180 +++++++++---------- 2017/6xxx/CVE-2017-6746.json | 140 +++++++-------- 2018/11xxx/CVE-2018-11512.json | 140 +++++++-------- 2018/11xxx/CVE-2018-11938.json | 130 +++++++------- 2018/14xxx/CVE-2018-14009.json | 130 +++++++------- 2018/14xxx/CVE-2018-14841.json | 34 ++-- 2018/14xxx/CVE-2018-14866.json | 34 ++-- 2018/15xxx/CVE-2018-15049.json | 34 ++-- 2018/15xxx/CVE-2018-15539.json | 120 ++++++------- 2018/15xxx/CVE-2018-15754.json | 186 +++++++++---------- 2018/15xxx/CVE-2018-15926.json | 140 +++++++-------- 2018/20xxx/CVE-2018-20080.json | 34 ++-- 2018/20xxx/CVE-2018-20186.json | 120 ++++++------- 2018/20xxx/CVE-2018-20252.json | 142 +++++++-------- 2018/20xxx/CVE-2018-20441.json | 120 ++++++------- 2018/9xxx/CVE-2018-9263.json | 160 ++++++++--------- 2018/9xxx/CVE-2018-9623.json | 34 ++-- 54 files changed, 3617 insertions(+), 3617 deletions(-) diff --git a/2002/0xxx/CVE-2002-0024.json b/2002/0xxx/CVE-2002-0024.json index dc8d1931815..b3462d8b97c 100644 --- a/2002/0xxx/CVE-2002-0024.json +++ b/2002/0xxx/CVE-2002-0024.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-005", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005" - }, - { - "name" : "4087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4087" + }, + { + "name": "MS02-005", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0443.json b/2002/0xxx/CVE-2002-0443.json index a31e41d5cca..6d048adbd9c 100644 --- a/2002/0xxx/CVE-2002-0443.json +++ b/2002/0xxx/CVE-2002-0443.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020307 Windows 2000 password policy bypass possibility", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/260704" - }, - { - "name" : "win2k-password-bypass-policy(8402)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8402.php" - }, - { - "name" : "4256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win2k-password-bypass-policy(8402)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8402.php" + }, + { + "name": "20020307 Windows 2000 password policy bypass possibility", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/260704" + }, + { + "name": "4256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4256" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0457.json b/2002/0xxx/CVE-2002-0457.json index e5bbcab53c6..c7e1517138c 100644 --- a/2002/0xxx/CVE-2002-0457.json +++ b/2002/0xxx/CVE-2002-0457.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020316 [ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/262693" - }, - { - "name" : "4308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4308" - }, - { - "name" : "bgguestbook-post-css(8474)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8474.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020316 [ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/262693" + }, + { + "name": "bgguestbook-post-css(8474)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8474.php" + }, + { + "name": "4308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4308" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0821.json b/2002/0xxx/CVE-2002-0821.json index 43e42de4b28..acdc7e758b3 100644 --- a/2002/0xxx/CVE-2002-0821.json +++ b/2002/0xxx/CVE-2002-0821.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00005.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00005.html" - }, - { - "name" : "CLSA-2002:505", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLSA-2002:505", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00005.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1151.json b/2002/1xxx/CVE-2002-1151.json index e27cbaede4d..bdf127c9abd 100644 --- a/2002/1xxx/CVE-2002-1151.json +++ b/2002/1xxx/CVE-2002-1151.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103175850925395&w=2" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20020908-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20020908-2.txt" - }, - { - "name" : "CSSA-2002-047.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt" - }, - { - "name" : "CLA-2002:525", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000525" - }, - { - "name" : "DSA-167", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-167" - }, - { - "name" : "MDKSA-2002:064", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php" - }, - { - "name" : "RHSA-2002:220", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html" - }, - { - "name" : "RHSA-2002:221", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-221.html" - }, - { - "name" : "5689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5689" - }, - { - "name" : "ie-sameoriginpolicy-bypass(10039)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10039.php" - }, - { - "name" : "7867", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2002:220", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-220.html" + }, + { + "name": "http://www.kde.org/info/security/advisory-20020908-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20020908-2.txt" + }, + { + "name": "ie-sameoriginpolicy-bypass(10039)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10039.php" + }, + { + "name": "MDKSA-2002:064", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php" + }, + { + "name": "DSA-167", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-167" + }, + { + "name": "RHSA-2002:221", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-221.html" + }, + { + "name": "CLA-2002:525", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000525" + }, + { + "name": "5689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5689" + }, + { + "name": "7867", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7867" + }, + { + "name": "CSSA-2002-047.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt" + }, + { + "name": "20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103175850925395&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1396.json b/2002/1xxx/CVE-2002-1396.json index ddff4f7d925..ff4ec20bbe5 100644 --- a/2002/1xxx/CVE-2002-1396.json +++ b/2002/1xxx/CVE-2002-1396.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021227 Buffer overflow in PHP \"wordwrap\" function", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104102689503192&w=2" - }, - { - "name" : "http://bugs.php.net/bug.php?id=20927", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=20927" - }, - { - "name" : "ESA-20030219-003", - "refsource" : "ENGARDE", - "url" : "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html" - }, - { - "name" : "200301-8", - "refsource" : "GENTOO", - "url" : "http://www.securityfocus.com/advisories/4862" - }, - { - "name" : "MDKSA-2003:019", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019" - }, - { - "name" : "RHSA-2003:017", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-017.html" - }, - { - "name" : "SuSE-SA:2003:0009", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html" - }, - { - "name" : "6488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6488" - }, - { - "name" : "php-wordwrap-bo(10944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "php-wordwrap-bo(10944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10944" + }, + { + "name": "MDKSA-2003:019", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019" + }, + { + "name": "6488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6488" + }, + { + "name": "RHSA-2003:017", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-017.html" + }, + { + "name": "ESA-20030219-003", + "refsource": "ENGARDE", + "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html" + }, + { + "name": "20021227 Buffer overflow in PHP \"wordwrap\" function", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104102689503192&w=2" + }, + { + "name": "200301-8", + "refsource": "GENTOO", + "url": "http://www.securityfocus.com/advisories/4862" + }, + { + "name": "http://bugs.php.net/bug.php?id=20927", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=20927" + }, + { + "name": "SuSE-SA:2003:0009", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1397.json b/2002/1xxx/CVE-2002-1397.json index a5f53b2c90f..56b8046ebec 100644 --- a/2002/1xxx/CVE-2002-1397.json +++ b/2002/1xxx/CVE-2002-1397.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102977465204357&w=2" - }, - { - "name" : "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52", - "refsource" : "MISC", - "url" : "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52" - }, - { - "name" : "CLA-2002:524", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524" - }, - { - "name" : "RHSA-2003:001", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-001.html" - }, - { - "name" : "5497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5497" - }, - { - "name" : "8034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8034" - }, - { - "name" : "postgresql-cashwords-bo(9891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2002:524", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524" + }, + { + "name": "20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102977465204357&w=2" + }, + { + "name": "8034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8034" + }, + { + "name": "5497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5497" + }, + { + "name": "RHSA-2003:001", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-001.html" + }, + { + "name": "postgresql-cashwords-bo(9891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9891" + }, + { + "name": "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52", + "refsource": "MISC", + "url": "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1610.json b/2002/1xxx/CVE-2002-1610.json index b2702547fab..b96229900f7 100644 --- a/2002/1xxx/CVE-2002-1610.json +++ b/2002/1xxx/CVE-2002-1610.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SSRT2229", - "refsource" : "HP", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00430.html" - }, - { - "name" : "VU#612833", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/612833" - }, - { - "name" : "5599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5599" - }, - { - "name" : "tru64-ping-dos(10014)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tru64-ping-dos(10014)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10014" + }, + { + "name": "5599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5599" + }, + { + "name": "VU#612833", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/612833" + }, + { + "name": "SSRT2229", + "refsource": "HP", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00430.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2230.json b/2002/2xxx/CVE-2002-2230.json index db71163aaf0..4cd84d17cf8 100644 --- a/2002/2xxx/CVE-2002-2230.json +++ b/2002/2xxx/CVE-2002-2230.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a \".gif\" or \".jpg\" string, a variant of CVE-2002-0328." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021004 SECURITY.NNOV: ikonboard 3.1.1 CSS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0069.html" - }, - { - "name" : "ikonboard-html-image-xss(10268)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10268.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a \".gif\" or \".jpg\" string, a variant of CVE-2002-0328." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ikonboard-html-image-xss(10268)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10268.php" + }, + { + "name": "20021004 SECURITY.NNOV: ikonboard 3.1.1 CSS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0069.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2273.json b/2002/2xxx/CVE-2002-2273.json index 760e87a1b6a..47d91658ce4 100644 --- a/2002/2xxx/CVE-2002-2273.json +++ b/2002/2xxx/CVE-2002-2273.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021201 Advisory: Webster HTTP Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/301893" - }, - { - "name" : "6292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6292" - }, - { - "name" : "3262", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3262" - }, - { - "name" : "webster-path-name-xss(10729)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6292" + }, + { + "name": "20021201 Advisory: Webster HTTP Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/301893" + }, + { + "name": "3262", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3262" + }, + { + "name": "webster-path-name-xss(10729)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10729" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1657.json b/2005/1xxx/CVE-2005-1657.json index ad0d438fe48..6d517392446 100644 --- a/2005/1xxx/CVE-2005-1657.json +++ b/2005/1xxx/CVE-2005-1657.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16220", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16220" - }, - { - "name" : "16221", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16221" - }, - { - "name" : "16222", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16222" - }, - { - "name" : "16223", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16223" - }, - { - "name" : "16224", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16224" - }, - { - "name" : "16225", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16225" - }, - { - "name" : "15234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16225", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16225" + }, + { + "name": "16220", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16220" + }, + { + "name": "16222", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16222" + }, + { + "name": "15234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15234" + }, + { + "name": "16223", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16223" + }, + { + "name": "16221", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16221" + }, + { + "name": "16224", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16224" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1938.json b/2005/1xxx/CVE-2005-1938.json index 574b2ceb707..286d296fb20 100644 --- a/2005/1xxx/CVE-2005-1938.json +++ b/2005/1xxx/CVE-2005-1938.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1938", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1250. Reason: This candidate is a duplicate of CVE-2005-1250. Notes: this duplicate occurred as a result of multiple independent discoveries and insufficient coordination by the vendor and CNA. All CVE users should reference CVE-2005-1250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1938", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1250. Reason: This candidate is a duplicate of CVE-2005-1250. Notes: this duplicate occurred as a result of multiple independent discoveries and insufficient coordination by the vendor and CNA. All CVE users should reference CVE-2005-1250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1949.json b/2005/1xxx/CVE-2005-1949.json index 75d311d2201..0cbe6411e18 100644 --- a/2005/1xxx/CVE-2005-1949.json +++ b/2005/1xxx/CVE-2005-1949.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050609 Arbitrary code execution in eping plugin", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111835539312985&w=2" - }, - { - "name" : "20050610 Re: Arbitrary code execution in eping plugin", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111868460811287&w=2" - }, - { - "name" : "http://e107plugins.co.uk/news.php", - "refsource" : "CONFIRM", - "url" : "http://e107plugins.co.uk/news.php" - }, - { - "name" : "15678", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050609 Arbitrary code execution in eping plugin", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111835539312985&w=2" + }, + { + "name": "20050610 Re: Arbitrary code execution in eping plugin", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111868460811287&w=2" + }, + { + "name": "http://e107plugins.co.uk/news.php", + "refsource": "CONFIRM", + "url": "http://e107plugins.co.uk/news.php" + }, + { + "name": "15678", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15678" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1266.json b/2009/1xxx/CVE-2009-1266.json index 4e2c06e8db3..672c0486b3d 100644 --- a/2009/1xxx/CVE-2009-1266.json +++ b/2009/1xxx/CVE-2009-1266.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090417 rPSA-2009-0062-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502745/100/0/threaded" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "34778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34778" - }, - { - "name" : "35416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "wireshark-unspecified(50334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34778" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "20090417 rPSA-2009-0062-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502745/100/0/threaded" + }, + { + "name": "wireshark-unspecified(50334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50334" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0062", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0062" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1515.json b/2009/1xxx/CVE-2009-1515.json index 4c0f641d360..036139b3010 100644 --- a/2009/1xxx/CVE-2009-1515.json +++ b/2009/1xxx/CVE-2009-1515.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[file] 20090501 file 5.01 is now available", - "refsource" : "MLIST", - "url" : "http://mx.gw.com/pipermail/file/2009/000379.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820" - }, - { - "name" : "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz" - }, - { - "name" : "MDVSA-2009:129", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129" - }, - { - "name" : "34745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34745" - }, - { - "name" : "54100", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/54100" - }, - { - "name" : "34881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:129", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603" + }, + { + "name": "34745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34745" + }, + { + "name": "[file] 20090501 file 5.01 is now available", + "refsource": "MLIST", + "url": "http://mx.gw.com/pipermail/file/2009/000379.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820" + }, + { + "name": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz", + "refsource": "CONFIRM", + "url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz" + }, + { + "name": "34881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34881" + }, + { + "name": "54100", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/54100" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1601.json b/2009/1xxx/CVE-2009-1601.json index 73d72ecb2e7..45c47688b32 100644 --- a/2009/1xxx/CVE-2009-1601.json +++ b/2009/1xxx/CVE-2009-1601.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/bugs/365823", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/365823" - }, - { - "name" : "USN-770-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-770-1" - }, - { - "name" : "34818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34818" - }, - { - "name" : "35000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35000" - }, - { - "name" : "clamav-clamavmilter-security-bypass(50311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-770-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-770-1" + }, + { + "name": "clamav-clamavmilter-security-bypass(50311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50311" + }, + { + "name": "https://launchpad.net/bugs/365823", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/365823" + }, + { + "name": "35000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35000" + }, + { + "name": "34818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34818" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5110.json b/2009/5xxx/CVE-2009-5110.json index ed46185ff00..a23ec8ebb4c 100644 --- a/2009/5xxx/CVE-2009-5110.json +++ b/2009/5xxx/CVE-2009-5110.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ha.ckers.org/slowloris/", - "refsource" : "MISC", - "url" : "http://ha.ckers.org/slowloris/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ha.ckers.org/slowloris/", + "refsource": "MISC", + "url": "http://ha.ckers.org/slowloris/" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0147.json b/2012/0xxx/CVE-2012-0147.json index 2b742e076a1..e0a35f9ae09 100644 --- a/2012/0xxx/CVE-2012-0147.json +++ b/2012/0xxx/CVE-2012-0147.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026" - }, - { - "name" : "TA12-101A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-101A.html" - }, - { - "name" : "52909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52909" - }, - { - "name" : "81132", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81132" - }, - { - "name" : "oval:org.mitre.oval:def:15557", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557" - }, - { - "name" : "1026909", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026909" - }, - { - "name" : "48787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48787" - }, - { - "name" : "ms-forefront-uag-info-disclosure(74368)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-101A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html" + }, + { + "name": "1026909", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026909" + }, + { + "name": "MS12-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026" + }, + { + "name": "oval:org.mitre.oval:def:15557", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557" + }, + { + "name": "52909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52909" + }, + { + "name": "48787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48787" + }, + { + "name": "ms-forefront-uag-info-disclosure(74368)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368" + }, + { + "name": "81132", + "refsource": "OSVDB", + "url": "http://osvdb.org/81132" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0443.json b/2012/0xxx/CVE-2012-0443.json index 9a20006a758..6570275c842 100644 --- a/2012/0xxx/CVE-2012-0443.json +++ b/2012/0xxx/CVE-2012-0443.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665578", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665578" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=684938", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=684938" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=692817", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=692817" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=695076", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=695076" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=696748", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=696748" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=707051", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=707051" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711651", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711651" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712169", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712169" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712289", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712289" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=713209", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=713209" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714600", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714600" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715662", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715662" - }, - { - "name" : "MDVSA-2012:013", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" - }, - { - "name" : "openSUSE-SU-2012:0234", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" - }, - { - "name" : "oval:org.mitre.oval:def:14444", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=711651", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=711651" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=665578", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665578" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=712169", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=712169" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=695076", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=695076" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=714600", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=714600" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=684938", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=684938" + }, + { + "name": "oval:org.mitre.oval:def:14444", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14444" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=713209", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=713209" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=707051", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=707051" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=696748", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=696748" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=715662", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715662" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html" + }, + { + "name": "MDVSA-2012:013", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=712289", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=712289" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=692817", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=692817" + }, + { + "name": "openSUSE-SU-2012:0234", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0659.json b/2012/0xxx/CVE-2012-0659.json index e6545474cfb..a47931825bf 100644 --- a/2012/0xxx/CVE-2012-0659.json +++ b/2012/0xxx/CVE-2012-0659.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "http://support.apple.com/kb/HT5261", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5261" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-05-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html" - }, - { - "name" : "53445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53445" - }, - { - "name" : "53467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5261", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5261" + }, + { + "name": "53445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53445" + }, + { + "name": "APPLE-SA-2012-05-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "53467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53467" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2266.json b/2012/2xxx/CVE-2012-2266.json index 2179f367346..6f2f885f745 100644 --- a/2012/2xxx/CVE-2012-2266.json +++ b/2012/2xxx/CVE-2012-2266.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2266", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2266", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2647.json b/2012/2xxx/CVE-2012-2647.json index 777ec16f4c1..11ea62233f5 100644 --- a/2012/2xxx/CVE-2012-2647.json +++ b/2012/2xxx/CVE-2012-2647.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-2647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#51769987", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN51769987/index.html" - }, - { - "name" : "JVNDB-2012-000072", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#51769987", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN51769987/index.html" + }, + { + "name": "JVNDB-2012-000072", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3398.json b/2012/3xxx/CVE-2012-3398.json index d86c3abaaea..c9f121b2148 100644 --- a/2012/3xxx/CVE-2012-3398.json +++ b/2012/3xxx/CVE-2012-3398.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120717 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/07/17/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126" - }, - { - "name" : "54481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54481" - }, - { - "name" : "49890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49890" - }, - { - "name" : "moodle-database-dos(76964)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126" + }, + { + "name": "moodle-database-dos(76964)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76964" + }, + { + "name": "49890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49890" + }, + { + "name": "[oss-security] 20120717 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/07/17/1" + }, + { + "name": "54481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54481" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3536.json b/2012/3xxx/CVE-2012-3536.json index 85f62ddb886..3282993c9ec 100644 --- a/2012/3xxx/CVE-2012-3536.json +++ b/2012/3xxx/CVE-2012-3536.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-02-26T00:00:00", - "ID" : "CVE-2012-3536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Hupa", - "version" : { - "version_data" : [ - { - "version_value" : "Hupa versions prior to 0.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-02-26T00:00:00", + "ID": "CVE-2012-3536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Hupa", + "version": { + "version_data": [ + { + "version_value": "Hupa versions prior to 0.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1373762", - "refsource" : "MISC", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1373762" - }, - { - "name" : "https://james.apache.org/hupa/index.html", - "refsource" : "MISC", - "url" : "https://james.apache.org/hupa/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://james.apache.org/hupa/index.html", + "refsource": "MISC", + "url": "https://james.apache.org/hupa/index.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1373762", + "refsource": "MISC", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1373762" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3679.json b/2012/3xxx/CVE-2012-3679.json index 0624d838b7f..6ec8373678e 100644 --- a/2012/3xxx/CVE-2012-3679.json +++ b/2012/3xxx/CVE-2012-3679.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4025.json b/2012/4xxx/CVE-2012-4025.json index d117f65a464..6328574d69a 100644 --- a/2012/4xxx/CVE-2012-4025.json +++ b/2012/4xxx/CVE-2012-4025.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/19/6" - }, - { - "name" : "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel", - "refsource" : "MISC", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001" - }, - { - "name" : "GLSA-201612-40", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-40" - }, - { - "name" : "MDVSA-2013:128", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128" - }, - { - "name" : "54610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54610" - }, - { - "name" : "83899", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/83899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/19/6" + }, + { + "name": "83899", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/83899" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001" + }, + { + "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel", + "refsource": "MISC", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel" + }, + { + "name": "54610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54610" + }, + { + "name": "GLSA-201612-40", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-40" + }, + { + "name": "MDVSA-2013:128", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4330.json b/2012/4xxx/CVE-2012-4330.json index f6b44c23b9e..b6461940f3c 100644 --- a/2012/4xxx/CVE-2012-4330.json +++ b/2012/4xxx/CVE-2012-4330.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120419 Vulnerabilities in Samsung TV (remote controller protocol)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0142.html" - }, - { - "name" : "18751", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18751" - }, - { - "name" : "http://aluigi.org/adv/samsux_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/samsux_1-adv.txt" - }, - { - "name" : "53161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53161" - }, - { - "name" : "81222", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81222" - }, - { - "name" : "1026976", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026976" - }, - { - "name" : "samsungtv-string-dos(74928)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53161" + }, + { + "name": "20120419 Vulnerabilities in Samsung TV (remote controller protocol)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0142.html" + }, + { + "name": "81222", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81222" + }, + { + "name": "samsungtv-string-dos(74928)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74928" + }, + { + "name": "http://aluigi.org/adv/samsux_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/samsux_1-adv.txt" + }, + { + "name": "18751", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18751" + }, + { + "name": "1026976", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026976" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4446.json b/2012/4xxx/CVE-2012-4446.json index e9fa30ae227..b7f0f261faf 100644 --- a/2012/4xxx/CVE-2012-4446.json +++ b/2012/4xxx/CVE-2012-4446.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=851355", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851355" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPID-4631", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/QPID-4631" - }, - { - "name" : "RHSA-2013:0561", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0561.html" - }, - { - "name" : "RHSA-2013:0562", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0562.html" - }, - { - "name" : "52516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/QPID-4631", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/QPID-4631" + }, + { + "name": "RHSA-2013:0561", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" + }, + { + "name": "RHSA-2013:0562", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=851355", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851355" + }, + { + "name": "52516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52516" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4544.json b/2012/4xxx/CVE-2012-4544.json index de4b6b97f73..2bae1d9412b 100644 --- a/2012/4xxx/CVE-2012-4544.json +++ b/2012/4xxx/CVE-2012-4544.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/26/3" - }, - { - "name" : "DSA-2636", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2636" - }, - { - "name" : "FEDORA-2012-17135", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html" - }, - { - "name" : "FEDORA-2012-17204", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html" - }, - { - "name" : "FEDORA-2012-17408", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html" - }, - { - "name" : "RHSA-2013:0241", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0241.html" - }, - { - "name" : "SUSE-SU-2012:1486", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html" - }, - { - "name" : "SUSE-SU-2012:1487", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html" - }, - { - "name" : "openSUSE-SU-2012:1572", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" - }, - { - "name" : "SUSE-SU-2014:0411", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "SUSE-SU-2014:0470", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" - }, - { - "name" : "openSUSE-SU-2012:1573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" - }, - { - "name" : "56289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56289" - }, - { - "name" : "86619", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86619" - }, - { - "name" : "1027699", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027699" - }, - { - "name" : "51071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51071" - }, - { - "name" : "51413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51413" - }, - { - "name" : "51324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51324" - }, - { - "name" : "51352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51352" - }, - { - "name" : "xen-pvdomainbuilder-dos(79617)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2014:0470", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" + }, + { + "name": "51071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51071" + }, + { + "name": "[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/26/3" + }, + { + "name": "FEDORA-2012-17408", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html" + }, + { + "name": "51413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51413" + }, + { + "name": "FEDORA-2012-17204", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html" + }, + { + "name": "SUSE-SU-2012:1486", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html" + }, + { + "name": "DSA-2636", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2636" + }, + { + "name": "xen-pvdomainbuilder-dos(79617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79617" + }, + { + "name": "FEDORA-2012-17135", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html" + }, + { + "name": "56289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56289" + }, + { + "name": "1027699", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027699" + }, + { + "name": "RHSA-2013:0241", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0241.html" + }, + { + "name": "openSUSE-SU-2012:1572", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" + }, + { + "name": "86619", + "refsource": "OSVDB", + "url": "http://osvdb.org/86619" + }, + { + "name": "SUSE-SU-2012:1487", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "51352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51352" + }, + { + "name": "51324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51324" + }, + { + "name": "SUSE-SU-2014:0411", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" + }, + { + "name": "openSUSE-SU-2012:1573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4836.json b/2012/4xxx/CVE-2012-4836.json index 3a805e70f47..c6e5ea2d56b 100644 --- a/2012/4xxx/CVE-2012-4836.json +++ b/2012/4xxx/CVE-2012-4836.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" - }, - { - "name" : "cognos-business-intel-xss(78918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" + }, + { + "name": "cognos-business-intel-xss(78918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78918" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6288.json b/2012/6xxx/CVE-2012-6288.json index db62ee02427..4f626da444d 100644 --- a/2012/6xxx/CVE-2012-6288.json +++ b/2012/6xxx/CVE-2012-6288.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6288", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6288", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6691.json b/2012/6xxx/CVE-2012-6691.json index 1081f87ca74..7c2182b31be 100644 --- a/2012/6xxx/CVE-2012-6691.json +++ b/2012/6xxx/CVE-2012-6691.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120404 Multiple vulnerabilities in osCmax", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23081", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23081" - }, - { - "name" : "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update", - "refsource" : "CONFIRM", - "url" : "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update" - }, - { - "name" : "74753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23081", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23081" + }, + { + "name": "20120404 Multiple vulnerabilities in osCmax", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html" + }, + { + "name": "74753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74753" + }, + { + "name": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update", + "refsource": "CONFIRM", + "url": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2036.json b/2017/2xxx/CVE-2017-2036.json index f36bf76e30b..cd377626b6c 100644 --- a/2017/2xxx/CVE-2017-2036.json +++ b/2017/2xxx/CVE-2017-2036.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2036", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2036", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2087.json b/2017/2xxx/CVE-2017-2087.json index 49f14e4b740..1d4a8bc3dc4 100644 --- a/2017/2xxx/CVE-2017-2087.json +++ b/2017/2xxx/CVE-2017-2087.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2087", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2087", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2270.json b/2017/2xxx/CVE-2017-2270.json index b6caf4b0224..aee5f61b40f 100644 --- a/2017/2xxx/CVE-2017-2270.json +++ b/2017/2xxx/CVE-2017-2270.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Encrypted files in self-decryption format created by FileCapsule Deluxe Portable", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.2.0.9 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Tomoki Fuke" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Encrypted files in self-decryption format created by FileCapsule Deluxe Portable", + "version": { + "version_data": [ + { + "version_value": "Ver.2.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Tomoki Fuke" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://resumenext.blog.fc2.com/blog-entry-30.html", - "refsource" : "CONFIRM", - "url" : "http://resumenext.blog.fc2.com/blog-entry-30.html" - }, - { - "name" : "JVN#42031953", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN42031953/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://resumenext.blog.fc2.com/blog-entry-30.html", + "refsource": "CONFIRM", + "url": "http://resumenext.blog.fc2.com/blog-entry-30.html" + }, + { + "name": "JVN#42031953", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN42031953/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2754.json b/2017/2xxx/CVE-2017-2754.json index c33ec735f47..eed8e43d7ac 100644 --- a/2017/2xxx/CVE-2017-2754.json +++ b/2017/2xxx/CVE-2017-2754.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2754", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2754", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2969.json b/2017/2xxx/CVE-2017-2969.json index 3d909ec63fe..0b27a587459 100644 --- a/2017/2xxx/CVE-2017-2969.json +++ b/2017/2xxx/CVE-2017-2969.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Campaign 16.4 Build 8724 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Campaign 16.4 Build 8724 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Campaign 16.4 Build 8724 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Campaign 16.4 Build 8724 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/campaign/apsb17-03.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/campaign/apsb17-03.html" - }, - { - "name" : "96200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/campaign/apsb17-03.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/campaign/apsb17-03.html" + }, + { + "name": "96200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96200" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6517.json b/2017/6xxx/CVE-2017-6517.json index 60276db9373..e016abd7cc7 100644 --- a/2017/6xxx/CVE-2017-6517.json +++ b/2017/6xxx/CVE-2017-6517.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170316 Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Mar/44" - }, - { - "name" : "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html" - }, - { - "name" : "https://twitter.com/tiger_tigerboy/status/755332687141883904", - "refsource" : "MISC", - "url" : "https://twitter.com/tiger_tigerboy/status/755332687141883904" - }, - { - "name" : "https://twitter.com/vysecurity/status/845013670103003138", - "refsource" : "MISC", - "url" : "https://twitter.com/vysecurity/status/845013670103003138" - }, - { - "name" : "https://technet.microsoft.com/security/cc308575.aspx", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/security/cc308575.aspx" - }, - { - "name" : "96969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96969" - }, - { - "name" : "1038209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170316 Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Mar/44" + }, + { + "name": "https://twitter.com/tiger_tigerboy/status/755332687141883904", + "refsource": "MISC", + "url": "https://twitter.com/tiger_tigerboy/status/755332687141883904" + }, + { + "name": "https://twitter.com/vysecurity/status/845013670103003138", + "refsource": "MISC", + "url": "https://twitter.com/vysecurity/status/845013670103003138" + }, + { + "name": "96969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96969" + }, + { + "name": "1038209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038209" + }, + { + "name": "https://technet.microsoft.com/security/cc308575.aspx", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/security/cc308575.aspx" + }, + { + "name": "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6746.json b/2017/6xxx/CVE-2017-6746.json index eb114f14962..0986dc2477e 100644 --- a/2017/6xxx/CVE-2017-6746.json +++ b/2017/6xxx/CVE-2017-6746.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Web Security Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Web Security Appliance" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection and Privilege Escalation Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Web Security Appliance", + "version": { + "version_data": [ + { + "version_value": "Cisco Web Security Appliance" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1" - }, - { - "name" : "99877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99877" - }, - { - "name" : "1038948", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection and Privilege Escalation Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99877" + }, + { + "name": "1038948", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038948" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11512.json b/2018/11xxx/CVE-2018-11512.json index 5ca79f23d01..1684601eac2 100644 --- a/2018/11xxx/CVE-2018-11512.json +++ b/2018/11xxx/CVE-2018-11512.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stored cross-site scripting (XSS) vulnerability in the \"Website's name\" field found in the \"Settings\" page under the \"General\" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44790", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44790/" - }, - { - "name" : "https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44", - "refsource" : "MISC", - "url" : "https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44" - }, - { - "name" : "https://github.com/Creatiwity/wityCMS/issues/150", - "refsource" : "MISC", - "url" : "https://github.com/Creatiwity/wityCMS/issues/150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stored cross-site scripting (XSS) vulnerability in the \"Website's name\" field found in the \"Settings\" page under the \"General\" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44", + "refsource": "MISC", + "url": "https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44" + }, + { + "name": "44790", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44790/" + }, + { + "name": "https://github.com/Creatiwity/wityCMS/issues/150", + "refsource": "MISC", + "url": "https://github.com/Creatiwity/wityCMS/issues/150" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11938.json b/2018/11xxx/CVE-2018-11938.json index 6d9e18b30fc..7b43e00639b 100644 --- a/2018/11xxx/CVE-2018-11938.json +++ b/2018/11xxx/CVE-2018-11938.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in Trusted Application Environment" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", + "version": { + "version_data": [ + { + "version_value": "IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Trusted Application Environment" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106845" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14009.json b/2018/14xxx/CVE-2018-14009.json index ea83f11c659..d745d0aa4a5 100644 --- a/2018/14xxx/CVE-2018-14009.json +++ b/2018/14xxx/CVE-2018-14009.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Codiad/Codiad/issues/1078", - "refsource" : "MISC", - "url" : "https://github.com/Codiad/Codiad/issues/1078" - }, - { - "name" : "https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit", - "refsource" : "MISC", - "url" : "https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit", + "refsource": "MISC", + "url": "https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit" + }, + { + "name": "https://github.com/Codiad/Codiad/issues/1078", + "refsource": "MISC", + "url": "https://github.com/Codiad/Codiad/issues/1078" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14841.json b/2018/14xxx/CVE-2018-14841.json index 081c7cc8a81..635c33ee7ec 100644 --- a/2018/14xxx/CVE-2018-14841.json +++ b/2018/14xxx/CVE-2018-14841.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14841", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14841", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14866.json b/2018/14xxx/CVE-2018-14866.json index b6a4d095021..183a7bfaee9 100644 --- a/2018/14xxx/CVE-2018-14866.json +++ b/2018/14xxx/CVE-2018-14866.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14866", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14866", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15049.json b/2018/15xxx/CVE-2018-15049.json index e0a0ec5a5c1..d9e3c04afe2 100644 --- a/2018/15xxx/CVE-2018-15049.json +++ b/2018/15xxx/CVE-2018-15049.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15049", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15049", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15539.json b/2018/15xxx/CVE-2018-15539.json index 3fe881b13c9..c5df8416316 100644 --- a/2018/15xxx/CVE-2018-15539.json +++ b/2018/15xxx/CVE-2018-15539.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181011 Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Oct/30" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181011 Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Oct/30" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15754.json b/2018/15xxx/CVE-2018-15754.json index f8492c162c2..f5b2489b24d 100644 --- a/2018/15xxx/CVE-2018-15754.json +++ b/2018/15xxx/CVE-2018-15754.json @@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-12-10T00:00:00.000Z", - "ID" : "CVE-2018-15754", - "STATE" : "PUBLIC", - "TITLE" : "UAA can issue tokens across identity providers if users with matching usernames exist" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UAA Release", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "60", - "version_value" : "66.0" - } - ] - } - } - ] - }, - "vendor_name" : "Cloud Foundry" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 4.2, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authentication" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-12-10T00:00:00.000Z", + "ID": "CVE-2018-15754", + "STATE": "PUBLIC", + "TITLE": "UAA can issue tokens across identity providers if users with matching usernames exist" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UAA Release", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "60", + "version_value": "66.0" + } + ] + } + } + ] + }, + "vendor_name": "Cloud Foundry" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/blog/cve-2018-15754", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/blog/cve-2018-15754" - }, - { - "name" : "https://www.cloudfoundry.org/blog/cve-2018-15754/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/blog/cve-2018-15754/" - }, - { - "name" : "106240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106240" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106240" + }, + { + "name": "https://www.cloudfoundry.org/blog/cve-2018-15754/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2018-15754/" + }, + { + "name": "https://www.cloudfoundry.org/blog/cve-2018-15754", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2018-15754" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15926.json b/2018/15xxx/CVE-2018-15926.json index 10bcd938af0..60fbcdda854 100644 --- a/2018/15xxx/CVE-2018-15926.json +++ b/2018/15xxx/CVE-2018-15926.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105439" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105439" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20080.json b/2018/20xxx/CVE-2018-20080.json index 6d6e1e13ccd..a0f9938f016 100644 --- a/2018/20xxx/CVE-2018-20080.json +++ b/2018/20xxx/CVE-2018-20080.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20080", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20080", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20186.json b/2018/20xxx/CVE-2018-20186.json index 09ed21c5c36..171576619cf 100644 --- a/2018/20xxx/CVE-2018-20186.json +++ b/2018/20xxx/CVE-2018-20186.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/342", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/342", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/342" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20252.json b/2018/20xxx/CVE-2018-20252.json index 7e109bd68b3..b33308b73c2 100644 --- a/2018/20xxx/CVE-2018-20252.json +++ b/2018/20xxx/CVE-2018-20252.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "DATE_PUBLIC" : "2019-02-05T00:00:00", - "ID" : "CVE-2018-20252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WinRAR", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior and including 5.60" - } - ] - } - } - ] - }, - "vendor_name" : "Check Point Software Technologies Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787: Out-of-bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "DATE_PUBLIC": "2019-02-05T00:00:00", + "ID": "CVE-2018-20252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WinRAR", + "version": { + "version_data": [ + { + "version_value": "All versions prior and including 5.60" + } + ] + } + } + ] + }, + "vendor_name": "Check Point Software Technologies Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.win-rar.com/whatsnew.html", - "refsource" : "MISC", - "url" : "https://www.win-rar.com/whatsnew.html" - }, - { - "name" : "https://research.checkpoint.com/extracting-code-execution-from-winrar/", - "refsource" : "MISC", - "url" : "https://research.checkpoint.com/extracting-code-execution-from-winrar/" - }, - { - "name" : "106948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", + "refsource": "MISC", + "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/" + }, + { + "name": "106948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106948" + }, + { + "name": "https://www.win-rar.com/whatsnew.html", + "refsource": "MISC", + "url": "https://www.win-rar.com/whatsnew.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20441.json b/2018/20xxx/CVE-2018-20441.json index 194cfccd723..a86dbd36e6f 100644 --- a/2018/20xxx/CVE-2018-20441.json +++ b/2018/20xxx/CVE-2018-20441.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9263.json b/2018/9xxx/CVE-2018-9263.json index 35e576474e3..a451915f895 100644 --- a/2018/9xxx/CVE-2018-9263.json +++ b/2018/9xxx/CVE-2018-9263.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" - }, - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-23.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-23.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-23.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-23.html" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9623.json b/2018/9xxx/CVE-2018-9623.json index 8180b91d4a1..270abf5053d 100644 --- a/2018/9xxx/CVE-2018-9623.json +++ b/2018/9xxx/CVE-2018-9623.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9623", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9623", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file