diff --git a/2002/0xxx/CVE-2002-0140.json b/2002/0xxx/CVE-2002-0140.json index abf824afd97..3a29428e948 100644 --- a/2002/0xxx/CVE-2002-0140.json +++ b/2002/0xxx/CVE-2002-0140.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020120 dnrd 2.10 dos", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/251619" - }, - { - "name" : "3928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3928" - }, - { - "name" : "dnrd-dns-dos(7957)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7957.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dnrd-dns-dos(7957)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7957.php" + }, + { + "name": "3928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3928" + }, + { + "name": "20020120 dnrd 2.10 dos", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/251619" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0175.json b/2002/0xxx/CVE-2002-0175.json index e4c8af6be86..55fdc12e9a0 100644 --- a/2002/0xxx/CVE-2002-0175.json +++ b/2002/0xxx/CVE-2002-0175.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the \"'\" and \"I\" characters, which are implemented in libc but not libsafe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020320 Bypassing libsafe format string protection", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/263121" - }, - { - "name" : "20020320 [VulnWatch] Bypassing libsafe format string protection", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html" - }, - { - "name" : "MDKSA-2002:026", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php" - }, - { - "name" : "4326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4326" - }, - { - "name" : "libsafe-flagchar-protection-bypass(8593)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8593.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the \"'\" and \"I\" characters, which are implemented in libc but not libsafe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "libsafe-flagchar-protection-bypass(8593)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8593.php" + }, + { + "name": "20020320 [VulnWatch] Bypassing libsafe format string protection", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html" + }, + { + "name": "20020320 Bypassing libsafe format string protection", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/263121" + }, + { + "name": "4326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4326" + }, + { + "name": "MDKSA-2002:026", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0546.json b/2002/0xxx/CVE-2002-0546.json index e3650772e93..08c33934e8c 100644 --- a/2002/0xxx/CVE-2002-0546.json +++ b/2002/0xxx/CVE-2002-0546.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020403 Winamp: Mp3 file can control the minibrowser", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html" - }, - { - "name" : "20020403 Re: Winamp: Mp3 file can control the minibrowser", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html" - }, - { - "name" : "winamp-mp3-browser-css(8753)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8753.php" - }, - { - "name" : "4414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020403 Re: Winamp: Mp3 file can control the minibrowser", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html" + }, + { + "name": "20020403 Winamp: Mp3 file can control the minibrowser", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html" + }, + { + "name": "winamp-mp3-browser-css(8753)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8753.php" + }, + { + "name": "4414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4414" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0829.json b/2002/0xxx/CVE-2002-0829.json index 9af09e8fc87..2c6e87ee65e 100644 --- a/2002/0xxx/CVE-2002-0829.json +++ b/2002/0xxx/CVE-2002-0829.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-02:35.ffs", - "refsource" : "FREEBSD", - "url" : "http://marc.info/?l=bugtraq&m=102865404413458&w=2" - }, - { - "name" : "freebsd-ffs-integer-overflow(9771)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9771.php" - }, - { - "name" : "5399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5399" - }, - { - "name" : "5073", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5399" + }, + { + "name": "FreeBSD-SA-02:35.ffs", + "refsource": "FREEBSD", + "url": "http://marc.info/?l=bugtraq&m=102865404413458&w=2" + }, + { + "name": "5073", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5073" + }, + { + "name": "freebsd-ffs-integer-overflow(9771)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9771.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0912.json b/2002/0xxx/CVE-2002-0912.json index 0051b4169da..c1ddf10c1bc 100644 --- a/2002/0xxx/CVE-2002-0912.json +++ b/2002/0xxx/CVE-2002-0912.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-129", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-129" - }, - { - "name" : "debian-in-uucpd-dos(9230)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9230.php" - }, - { - "name" : "4910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-129", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-129" + }, + { + "name": "debian-in-uucpd-dos(9230)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9230.php" + }, + { + "name": "4910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4910" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1019.json b/2002/1xxx/CVE-2002-1019.json index 08982f6a30b..e6df4b8a79c 100644 --- a/2002/1xxx/CVE-2002-1019.json +++ b/2002/1xxx/CVE-2002-1019.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html" - }, - { - "name" : "20020712 Vulnerability found: The Adobe eBook Library", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=102649215618643&w=2" - }, - { - "name" : "20020712 Vulnerability found: The Adobe eBook Library", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=vuln-dev&m=102650064028760&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html" + }, + { + "name": "20020712 Vulnerability found: The Adobe eBook Library", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=vuln-dev&m=102650064028760&w=2" + }, + { + "name": "20020712 Vulnerability found: The Adobe eBook Library", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=102649215618643&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1082.json b/2002/1xxx/CVE-2002-1082.json index 643001e091d..a6719673af3 100644 --- a/2002/1xxx/CVE-2002-1082.json +++ b/2002/1xxx/CVE-2002-1082.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020725 [VulnWatch] ezContents multiple vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html" - }, - { - "name" : "20020725 ezContents multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/284229" - }, - { - "name" : "ezcontents-image-file-upload(9698)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9698.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020725 ezContents multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/284229" + }, + { + "name": "20020725 [VulnWatch] ezContents multiple vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html" + }, + { + "name": "ezcontents-image-file-upload(9698)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9698.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1380.json b/2002/1xxx/CVE-2002-1380.json index 1ab2069c989..b9ce8b196bb 100644 --- a/2002/1xxx/CVE-2002-1380.json +++ b/2002/1xxx/CVE-2002-1380.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-336", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-336" - }, - { - "name" : "ESA-20030318-009", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html" - }, - { - "name" : "MDKSA-2003:039", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039" - }, - { - "name" : "RHSA-2003:088", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-088.html" - }, - { - "name" : "2002-0083", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt" - }, - { - "name" : "6420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6420" - }, - { - "name" : "linux-protread-mmap-dos(10884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-336", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-336" + }, + { + "name": "RHSA-2003:088", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-088.html" + }, + { + "name": "ESA-20030318-009", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html" + }, + { + "name": "6420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6420" + }, + { + "name": "MDKSA-2003:039", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039" + }, + { + "name": "linux-protread-mmap-dos(10884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10884" + }, + { + "name": "2002-0083", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1474.json b/2002/1xxx/CVE-2002-1474.json index 68a6897d7bc..868508f41a9 100644 --- a/2002/1xxx/CVE-2002-1474.json +++ b/2002/1xxx/CVE-2002-1474.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SSRT-547", - "refsource" : "COMPAQ", - "url" : "http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT-547", + "refsource": "COMPAQ", + "url": "http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1510.json b/2002/1xxx/CVE-2002-1510.json index 1e5aab00555..1524b096403 100644 --- a/2002/1xxx/CVE-2002-1510.json +++ b/2002/1xxx/CVE-2002-1510.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2002:533", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533" - }, - { - "name" : "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG", - "refsource" : "MISC", - "url" : "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" - }, - { - "name" : "RHSA-2003:064", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-064.html" - }, - { - "name" : "RHSA-2003:065", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-065.html" - }, - { - "name" : "55602", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" - }, - { - "name" : "xfree86-xdm-unauth-access(11389)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11389.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2002:533", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533" + }, + { + "name": "RHSA-2003:064", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" + }, + { + "name": "RHSA-2003:065", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" + }, + { + "name": "55602", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" + }, + { + "name": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG", + "refsource": "MISC", + "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" + }, + { + "name": "xfree86-xdm-unauth-access(11389)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11389.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1790.json b/2002/1xxx/CVE-2002-1790.json index 7b92e53589e..bdabdda7164 100644 --- a/2002/1xxx/CVE-2002-1790.json +++ b/2002/1xxx/CVE-2002-1790.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020712 Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/281914" - }, - { - "name" : "5213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5213" - }, - { - "name" : "iis-smtp-mail-relay(9580)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9580.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020712 Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/281914" + }, + { + "name": "iis-smtp-mail-relay(9580)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9580.php" + }, + { + "name": "5213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5213" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2055.json b/2002/2xxx/CVE-2002-2055.json index 14721ebfe1e..3646a67a54c 100644 --- a/2002/2xxx/CVE-2002-2055.json +++ b/2002/2xxx/CVE-2002-2055.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=102313697923798&w=2" - }, - { - "name" : "http://www.ifrance.com/kitetoua/tuto/Teekai.txt", - "refsource" : "MISC", - "url" : "http://www.ifrance.com/kitetoua/tuto/Teekai.txt" - }, - { - "name" : "4924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4924" - }, - { - "name" : "teekais-tracking-xss(9284)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9284.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ifrance.com/kitetoua/tuto/Teekai.txt", + "refsource": "MISC", + "url": "http://www.ifrance.com/kitetoua/tuto/Teekai.txt" + }, + { + "name": "20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=102313697923798&w=2" + }, + { + "name": "teekais-tracking-xss(9284)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9284.php" + }, + { + "name": "4924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4924" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0046.json b/2003/0xxx/CVE-2003-0046.json index 0a02c170138..bdbe769d668 100644 --- a/2003/0xxx/CVE-2003-0046.json +++ b/2003/0xxx/CVE-2003-0046.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104386492422014&w=2" - }, - { - "name" : "http://www.idefense.com/advisory/01.28.03.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/01.28.03.txt" - }, - { - "name" : "http://www.celestialsoftware.net/telnet/beta_software.html", - "refsource" : "CONFIRM", - "url" : "http://www.celestialsoftware.net/telnet/beta_software.html" - }, - { - "name" : "6725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6725" - }, - { - "name" : "7686", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7686" - }, - { - "name" : "1006013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2" + }, + { + "name": "http://www.celestialsoftware.net/telnet/beta_software.html", + "refsource": "CONFIRM", + "url": "http://www.celestialsoftware.net/telnet/beta_software.html" + }, + { + "name": "7686", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7686" + }, + { + "name": "1006013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006013" + }, + { + "name": "6725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6725" + }, + { + "name": "http://www.idefense.com/advisory/01.28.03.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/01.28.03.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0462.json b/2003/0xxx/CVE-2003-0462.json index d672863128f..a3ff96ad0c7 100644 --- a/2003/0xxx/CVE-2003-0462.json +++ b/2003/0xxx/CVE-2003-0462.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:198", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html" - }, - { - "name" : "RHSA-2003:238", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html" - }, - { - "name" : "DSA-358", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-358" - }, - { - "name" : "DSA-423", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-423" - }, - { - "name" : "RHSA-2003:239", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html" - }, - { - "name" : "oval:org.mitre.oval:def:309", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:238", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html" + }, + { + "name": "DSA-423", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-423" + }, + { + "name": "RHSA-2003:198", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-198.html" + }, + { + "name": "RHSA-2003:239", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-239.html" + }, + { + "name": "oval:org.mitre.oval:def:309", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309" + }, + { + "name": "DSA-358", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-358" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0578.json b/2003/0xxx/CVE-2003-0578.json index 57e7be33790..3e5897bc807 100644 --- a/2003/0xxx/CVE-2003-0578.json +++ b/2003/0xxx/CVE-2003-0578.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html" - }, - { - "name" : "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105839150004682&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105839150004682&w=2" + }, + { + "name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0716.json b/2003/0xxx/CVE-2003-0716.json index deee81ada7b..dd8b736aac7 100644 --- a/2003/0xxx/CVE-2003-0716.json +++ b/2003/0xxx/CVE-2003-0716.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0716", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0716", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5126.json b/2009/5xxx/CVE-2009-5126.json index 05573cb6207..5dd7a3467c6 100644 --- a/2009/5xxx/CVE-2009-5126.json +++ b/2009/5xxx/CVE-2009-5126.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Antivirus component in Comodo Internet Security before 3.8.65951.477 allows remote attackers to cause a denial of service (application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://personalfirewall.comodo.com/release_notes.html", - "refsource" : "CONFIRM", - "url" : "http://personalfirewall.comodo.com/release_notes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Antivirus component in Comodo Internet Security before 3.8.65951.477 allows remote attackers to cause a denial of service (application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://personalfirewall.comodo.com/release_notes.html", + "refsource": "CONFIRM", + "url": "http://personalfirewall.comodo.com/release_notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0200.json b/2012/0xxx/CVE-2012-0200.json index 47445d41188..08656760ae6 100644 --- a/2012/0xxx/CVE-2012-0200.json +++ b/2012/0xxx/CVE-2012-0200.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg27021052", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg27021052" - }, - { - "name" : "IC81244", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81244" - }, - { - "name" : "soliddb-redundant-where-dos(73126)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "soliddb-redundant-where-dos(73126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73126" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg27021052", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg27021052" + }, + { + "name": "IC81244", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81244" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0429.json b/2012/0xxx/CVE-2012-0429.json index 455a165d8d8..b5bcffca448 100644 --- a/2012/0xxx/CVE-2012-0429.json +++ b/2012/0xxx/CVE-2012-0429.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=3426981", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=3426981" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7011533", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7011533" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=772895", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=772895" - }, - { - "name" : "1027912", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027912", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027912" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7011533", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7011533" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=772895", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=772895" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=3426981", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=3426981" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0688.json b/2012/0xxx/CVE-2012-0688.json index b2e1ef193ef..71cd6060bce 100644 --- a/2012/0xxx/CVE-2012-0688.json +++ b/2012/0xxx/CVE-2012-0688.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt" - }, - { - "name" : "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp" + }, + { + "name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1018.json b/2012/1xxx/CVE-2012-1018.json index fad2349b24f..4a98c00ed9f 100644 --- a/2012/1xxx/CVE-2012-1018.json +++ b/2012/1xxx/CVE-2012-1018.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt", - "refsource" : "MISC", - "url" : "http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt" - }, - { - "name" : "51804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51804" - }, - { - "name" : "currencyconverter-convert-xss(72917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt", + "refsource": "MISC", + "url": "http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt" + }, + { + "name": "currencyconverter-convert-xss(72917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72917" + }, + { + "name": "51804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51804" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1244.json b/2012/1xxx/CVE-2012-1244.json index ab0f7212dc9..1f4539bea9b 100644 --- a/2012/1xxx/CVE-2012-1244.json +++ b/2012/1xxx/CVE-2012-1244.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-1244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#82029095", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN82029095/index.html" - }, - { - "name" : "JVNDB-2012-000037", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037" - }, - { - "name" : "53254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53254" - }, - { - "name" : "81629", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81629" - }, - { - "name" : "48955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48955" - }, - { - "name" : "spmode-android-ssl-spoofing(75159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "spmode-android-ssl-spoofing(75159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159" + }, + { + "name": "53254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53254" + }, + { + "name": "JVN#82029095", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN82029095/index.html" + }, + { + "name": "48955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48955" + }, + { + "name": "81629", + "refsource": "OSVDB", + "url": "http://osvdb.org/81629" + }, + { + "name": "JVNDB-2012-000037", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1422.json b/2012/1xxx/CVE-2012-1422.json index 9a82b9811e1..5d14d351acf 100644 --- a/2012/1xxx/CVE-2012-1422.json +++ b/2012/1xxx/CVE-2012-1422.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "52583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52583" - }, - { - "name" : "80409", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "80409", + "refsource": "OSVDB", + "url": "http://osvdb.org/80409" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + }, + { + "name": "52583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52583" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1774.json b/2012/1xxx/CVE-2012-1774.json index a03103da5c7..9e0053d784c 100644 --- a/2012/1xxx/CVE-2012-1774.json +++ b/2012/1xxx/CVE-2012-1774.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://player.gomlab.com/eng/download/", - "refsource" : "CONFIRM", - "url" : "http://player.gomlab.com/eng/download/" - }, - { - "name" : "80203", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80203" - }, - { - "name" : "gommediaplayer-openurl-unspecified(74120)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80203", + "refsource": "OSVDB", + "url": "http://osvdb.org/80203" + }, + { + "name": "http://player.gomlab.com/eng/download/", + "refsource": "CONFIRM", + "url": "http://player.gomlab.com/eng/download/" + }, + { + "name": "gommediaplayer-openurl-unspecified(74120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74120" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1898.json b/2012/1xxx/CVE-2012-1898.json index 93b78b68cef..9c3ec224845 100644 --- a/2012/1xxx/CVE-2012-1898.json +++ b/2012/1xxx/CVE-2012-1898.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.webapp-security.com/2012/03/wolfcms/", - "refsource" : "MISC", - "url" : "http://www.webapp-security.com/2012/03/wolfcms/" - }, - { - "name" : "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt", - "refsource" : "MISC", - "url" : "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt", + "refsource": "MISC", + "url": "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt" + }, + { + "name": "http://www.webapp-security.com/2012/03/wolfcms/", + "refsource": "MISC", + "url": "http://www.webapp-security.com/2012/03/wolfcms/" + }, + { + "name": "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3426.json b/2012/3xxx/CVE-2012-3426.json index ed10f486515..8259f193eb1 100644 --- a/2012/3xxx/CVE-2012-3426.json +++ b/2012/3xxx/CVE-2012-3426.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/27/4" - }, - { - "name" : "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa", - "refsource" : "CONFIRM", - "url" : "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa" - }, - { - "name" : "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355", - "refsource" : "CONFIRM", - "url" : "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355" - }, - { - "name" : "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626", - "refsource" : "CONFIRM", - "url" : "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626" - }, - { - "name" : "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d", - "refsource" : "CONFIRM", - "url" : "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d" - }, - { - "name" : "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454", - "refsource" : "CONFIRM", - "url" : "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454" - }, - { - "name" : "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de", - "refsource" : "CONFIRM", - "url" : "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/996595", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/996595" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/997194", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/997194" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/998185", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/998185" - }, - { - "name" : "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz" - }, - { - "name" : "USN-1552-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1552-1" - }, - { - "name" : "50045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50045" - }, - { - "name" : "50494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454", + "refsource": "CONFIRM", + "url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454" + }, + { + "name": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa", + "refsource": "CONFIRM", + "url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/998185", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/keystone/+bug/998185" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/997194", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/keystone/+bug/997194" + }, + { + "name": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz", + "refsource": "CONFIRM", + "url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz" + }, + { + "name": "50494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50494" + }, + { + "name": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de", + "refsource": "CONFIRM", + "url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/996595", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/keystone/+bug/996595" + }, + { + "name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/27/4" + }, + { + "name": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626", + "refsource": "CONFIRM", + "url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626" + }, + { + "name": "USN-1552-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1552-1" + }, + { + "name": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355", + "refsource": "CONFIRM", + "url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355" + }, + { + "name": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d", + "refsource": "CONFIRM", + "url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d" + }, + { + "name": "50045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50045" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3465.json b/2012/3xxx/CVE-2012-3465.json index f31c9d7c9fb..cf63a0bd493 100644 --- a/2012/3xxx/CVE-2012-3465.json +++ b/2012/3xxx/CVE-2012-3465.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rubyonrails-security] 20120810 XSS Vulnerability in strip_tags", - "refsource" : "MLIST", - "url" : "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain" - }, - { - "name" : "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" - }, - { - "name" : "RHSA-2013:0154", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0154.html" - }, - { - "name" : "50694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" + }, + { + "name": "50694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50694" + }, + { + "name": "RHSA-2013:0154", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" + }, + { + "name": "[rubyonrails-security] 20120810 XSS Vulnerability in strip_tags", + "refsource": "MLIST", + "url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3942.json b/2012/3xxx/CVE-2012-3942.json index 86e3963e8a6..b468b0ce7df 100644 --- a/2012/3xxx/CVE-2012-3942.json +++ b/2012/3xxx/CVE-2012-3942.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3942", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3942", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4066.json b/2012/4xxx/CVE-2012-4066.json index d2e45102ca2..0707a2388fe 100644 --- a/2012/4xxx/CVE-2012-4066.json +++ b/2012/4xxx/CVE-2012-4066.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08", - "refsource" : "CONFIRM", - "url" : "http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08", + "refsource": "CONFIRM", + "url": "http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4293.json b/2012/4xxx/CVE-2012-4293.json index f663bc969a8..57cbde234e9 100644 --- a/2012/4xxx/CVE-2012-4293.json +++ b/2012/4xxx/CVE-2012-4293.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/ethercat/packet-ecatmb.c?r1=43149&r2=43148&pathrev=43149", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/ethercat/packet-ecatmb.c?r1=43149&r2=43148&pathrev=43149" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43149", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43149" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-22.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "openSUSE-SU-2012:1067", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15514562" - }, - { - "name" : "openSUSE-SU-2012:1035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" - }, - { - "name" : "55035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55035" - }, - { - "name" : "oval:org.mitre.oval:def:15527", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15527" - }, - { - "name" : "51363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51363" - }, - { - "name" : "50276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50276" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55035" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43149", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43149" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/ethercat/packet-ecatmb.c?r1=43149&r2=43148&pathrev=43149", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/ethercat/packet-ecatmb.c?r1=43149&r2=43148&pathrev=43149" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "oval:org.mitre.oval:def:15527", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15527" + }, + { + "name": "51363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51363" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-22.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-22.html" + }, + { + "name": "openSUSE-SU-2012:1035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" + }, + { + "name": "50276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50276" + }, + { + "name": "openSUSE-SU-2012:1067", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15514562" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4492.json b/2012/4xxx/CVE-2012-4492.json index 81bad1b31e7..0d89644fdaa 100644 --- a/2012/4xxx/CVE-2012-4492.json +++ b/2012/4xxx/CVE-2012-4492.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6" - }, - { - "name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1" - }, - { - "name" : "http://drupal.org/node/1719392", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1719392" - }, - { - "name" : "https://drupal.org/node/1719306", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1719306" - }, - { - "name" : "https://drupal.org/node/1719310", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1719310" - }, - { - "name" : "54911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6" + }, + { + "name": "https://drupal.org/node/1719310", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1719310" + }, + { + "name": "http://drupal.org/node/1719392", + "refsource": "MISC", + "url": "http://drupal.org/node/1719392" + }, + { + "name": "https://drupal.org/node/1719306", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1719306" + }, + { + "name": "54911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54911" + }, + { + "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4511.json b/2012/4xxx/CVE-2012-4511.json index f86ad289550..b3ecd31648f 100644 --- a/2012/4xxx/CVE-2012-4511.json +++ b/2012/4xxx/CVE-2012-4511.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121010 CVE request: libsocialweb untrusted connection to flickr", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/10/10" - }, - { - "name" : "[oss-security] 20121010 Re: CVE request: libsocialweb untrusted connection to flickr", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/11/1" - }, - { - "name" : "[oss-security] 20121023 Wrong affected version in the CVE-2012-4511", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/23/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=863206", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=863206" - }, - { - "name" : "http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503", - "refsource" : "CONFIRM", - "url" : "http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=863206", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863206" + }, + { + "name": "[oss-security] 20121010 CVE request: libsocialweb untrusted connection to flickr", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/10/10" + }, + { + "name": "[oss-security] 20121023 Wrong affected version in the CVE-2012-4511", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/23/5" + }, + { + "name": "http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503", + "refsource": "CONFIRM", + "url": "http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503" + }, + { + "name": "[oss-security] 20121010 Re: CVE request: libsocialweb untrusted connection to flickr", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/11/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4612.json b/2012/4xxx/CVE-2012-4612.json index 2d83bedbbc3..f0c4f41887d 100644 --- a/2012/4xxx/CVE-2012-4612.json +++ b/2012/4xxx/CVE-2012-4612.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-4612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121113 ESA-2012-055: RSA Data Protection Manager Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0050.html" - }, - { - "name" : "56506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56506" + }, + { + "name": "20121113 ESA-2012-055: RSA Data Protection Manager Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0050.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4936.json b/2012/4xxx/CVE-2012-4936.json index e5366f22dc3..a1d9175b244 100644 --- a/2012/4xxx/CVE-2012-4936.json +++ b/2012/4xxx/CVE-2012-4936.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#802596", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/802596" - }, - { - "name" : "56381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56381" - }, - { - "name" : "51203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51203" - }, - { - "name" : "pattern-insight-clickjacking(79784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#802596", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/802596" + }, + { + "name": "56381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56381" + }, + { + "name": "51203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51203" + }, + { + "name": "pattern-insight-clickjacking(79784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79784" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2098.json b/2017/2xxx/CVE-2017-2098.json index b90cc81cdd0..ec2057f3980 100644 --- a/2017/2xxx/CVE-2017-2098.json +++ b/2017/2xxx/CVE-2017-2098.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CubeCart", - "version" : { - "version_data" : [ - { - "version_value" : "versions prior to 6.1.4" - } - ] - } - } - ] - }, - "vendor_name" : "CubeCart Limited" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CubeCart", + "version": { + "version_data": [ + { + "version_value": "versions prior to 6.1.4" + } + ] + } + } + ] + }, + "vendor_name": "CubeCart Limited" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forums.cubecart.com/topic/52088-cubecart-614-released/", - "refsource" : "MISC", - "url" : "https://forums.cubecart.com/topic/52088-cubecart-614-released/" - }, - { - "name" : "JVN#81618356", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN81618356/index.html" - }, - { - "name" : "95866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forums.cubecart.com/topic/52088-cubecart-614-released/", + "refsource": "MISC", + "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/" + }, + { + "name": "JVN#81618356", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN81618356/index.html" + }, + { + "name": "95866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95866" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2179.json b/2017/2xxx/CVE-2017-2179.json index b6a0730ccff..280764ba589 100644 --- a/2017/2xxx/CVE-2017-2179.json +++ b/2017/2xxx/CVE-2017-2179.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application", - "version" : { - "version_data" : [ - { - "version_value" : "V3.0.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application", + "version": { + "version_data": [ + { + "version_value": "V3.0.2 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#80238098", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN80238098/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#80238098", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN80238098/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2576.json b/2017/2xxx/CVE-2017-2576.json index c4194413604..8e570a451ba 100644 --- a/2017/2xxx/CVE-2017-2576.json +++ b/2017/2xxx/CVE-2017-2576.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-2576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moodle 2.x and 3.x", - "version" : { - "version_data" : [ - { - "version_value" : "Moodle 2.x and 3.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moodle 2.x and 3.x", + "version": { + "version_data": [ + { + "version_value": "Moodle 2.x and 3.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=345912", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=345912" - }, - { - "name" : "95649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95649" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=345912", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=345912" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2707.json b/2017/2xxx/CVE-2017-2707.json index 0b353ef2c21..157e0df5892 100644 --- a/2017/2xxx/CVE-2017-2707.json +++ b/2017/2xxx/CVE-2017-2707.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mate 9", - "version" : { - "version_data" : [ - { - "version_value" : "MHA-AL00AC00B125" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mate 9", + "version": { + "version_data": [ + { + "version_value": "MHA-AL00AC00B125" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2767.json b/2017/2xxx/CVE-2017-2767.json index c09b2dd2f68..b4e9cc12edd 100644 --- a/2017/2xxx/CVE-2017-2767.json +++ b/2017/2xxx/CVE-2017-2767.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-2767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Network Configuration Manager EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Network Configuration Manager EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Java RMI Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-2767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Network Configuration Manager EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x", + "version": { + "version_data": [ + { + "version_value": "EMC Network Configuration Manager EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540085/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540085/30/0/threaded" - }, - { - "name" : "95938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95938" - }, - { - "name" : "1037761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Java RMI Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95938" + }, + { + "name": "http://www.securityfocus.com/archive/1/540085/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540085/30/0/threaded" + }, + { + "name": "1037761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037761" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2949.json b/2017/2xxx/CVE-2017-2949.json index ed616a5dd47..fc2c4a34073 100644 --- a/2017/2xxx/CVE-2017-2949.json +++ b/2017/2xxx/CVE-2017-2949.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-005", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-005" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-006", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-006" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-007", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-007" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-008", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-008" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-009", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-009" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-011", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-011" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-012", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-012" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-013", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-013" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-015", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-015" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-016", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-016" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-017", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-017" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-018", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-018" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-019", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-019" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-020", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-020" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-028", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-028" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-029", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-029" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95344" - }, - { - "name" : "1037574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-005", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-005" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-020", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-020" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-006", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-006" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-009", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-009" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-007", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-007" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-029", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-029" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-008", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-008" + }, + { + "name": "95344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95344" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-017", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-017" + }, + { + "name": "1037574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037574" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-028", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-028" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-016", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-016" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-011", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-011" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-019", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-019" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-015", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-015" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-012", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-012" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-018", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-018" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-013", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-013" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3765.json b/2017/3xxx/CVE-2017-3765.json index 95a0ae3b651..c057d7e0b42 100644 --- a/2017/3xxx/CVE-2017-3765.json +++ b/2017/3xxx/CVE-2017-3765.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2017-3765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Enterprise Network Operating System affecting Lenovo and IBM RackSwitch and BladeCenter Products", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as \"HP Backdoor\" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2017-3765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Network Operating System affecting Lenovo and IBM RackSwitch and BladeCenter Products", + "version": { + "version_data": [ + { + "version_value": "Earlier than" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-16095", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-16095" - }, - { - "name" : "1040296", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as \"HP Backdoor\" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-16095", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-16095" + }, + { + "name": "1040296", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040296" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6202.json b/2017/6xxx/CVE-2017-6202.json index a2946056fed..a92ac58732e 100644 --- a/2017/6xxx/CVE-2017-6202.json +++ b/2017/6xxx/CVE-2017-6202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6496.json b/2017/6xxx/CVE-2017-6496.json index 91308539f71..fdf8b0f9d77 100644 --- a/2017/6xxx/CVE-2017-6496.json +++ b/2017/6xxx/CVE-2017-6496.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6496", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6496", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6535.json b/2017/6xxx/CVE-2017-6535.json index 3cadec64b03..d1bca9a52ef 100644 --- a/2017/6xxx/CVE-2017-6535.json +++ b/2017/6xxx/CVE-2017-6535.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/WPO-Foundation/webpagetest/issues/832", - "refsource" : "CONFIRM", - "url" : "https://github.com/WPO-Foundation/webpagetest/issues/832" - }, - { - "name" : "96935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96935" + }, + { + "name": "https://github.com/WPO-Foundation/webpagetest/issues/832", + "refsource": "CONFIRM", + "url": "https://github.com/WPO-Foundation/webpagetest/issues/832" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7057.json b/2017/7xxx/CVE-2017-7057.json index a29afac8e13..f457dffe8ca 100644 --- a/2017/7xxx/CVE-2017-7057.json +++ b/2017/7xxx/CVE-2017-7057.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7057", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7057", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7232.json b/2017/7xxx/CVE-2017-7232.json index 7edc027b945..e6d1e196106 100644 --- a/2017/7xxx/CVE-2017-7232.json +++ b/2017/7xxx/CVE-2017-7232.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7232", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7232", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7384.json b/2017/7xxx/CVE-2017-7384.json index a8b5f915149..0c584139235 100644 --- a/2017/7xxx/CVE-2017-7384.json +++ b/2017/7xxx/CVE-2017-7384.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bits3c.blogspot.dk/2017/05/cve-2017-7384-reflected-xss-in-flippdf.html", - "refsource" : "MISC", - "url" : "https://bits3c.blogspot.dk/2017/05/cve-2017-7384-reflected-xss-in-flippdf.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bits3c.blogspot.dk/2017/05/cve-2017-7384-reflected-xss-in-flippdf.html", + "refsource": "MISC", + "url": "https://bits3c.blogspot.dk/2017/05/cve-2017-7384-reflected-xss-in-flippdf.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7706.json b/2017/7xxx/CVE-2017-7706.json index 8349d84aa90..b4b51a8571a 100644 --- a/2017/7xxx/CVE-2017-7706.json +++ b/2017/7xxx/CVE-2017-7706.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7706", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7706", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10185.json b/2018/10xxx/CVE-2018-10185.json index 337242a1d4a..bc14656d2f9 100644 --- a/2018/10xxx/CVE-2018-10185.json +++ b/2018/10xxx/CVE-2018-10185.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/yeyinshi/tuzicms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/yeyinshi/tuzicms/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/yeyinshi/tuzicms/issues/1", + "refsource": "MISC", + "url": "https://github.com/yeyinshi/tuzicms/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10678.json b/2018/10xxx/CVE-2018-10678.json index 587c844c7a5..f4d0c1bea91 100644 --- a/2018/10xxx/CVE-2018-10678.json +++ b/2018/10xxx/CVE-2018-10678.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target=\"_blank\" rel=\"noopener\"' in A elements, which makes it easier for remote attackers to conduct redirection attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc", - "refsource" : "MISC", - "url" : "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc" - }, - { - "name" : "104187", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target=\"_blank\" rel=\"noopener\"' in A elements, which makes it easier for remote attackers to conduct redirection attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104187", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104187" + }, + { + "name": "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc", + "refsource": "MISC", + "url": "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10825.json b/2018/10xxx/CVE-2018-10825.json index c925f5a9ecd..f8a7aa28f1c 100644 --- a/2018/10xxx/CVE-2018-10825.json +++ b/2018/10xxx/CVE-2018-10825.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the position and temperature of a baby via a replay or spoofing attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@victor_14768/mimo-baby-hack-ac7fa0ae3bfb", - "refsource" : "MISC", - "url" : "https://medium.com/@victor_14768/mimo-baby-hack-ac7fa0ae3bfb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the position and temperature of a baby via a replay or spoofing attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@victor_14768/mimo-baby-hack-ac7fa0ae3bfb", + "refsource": "MISC", + "url": "https://medium.com/@victor_14768/mimo-baby-hack-ac7fa0ae3bfb" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14157.json b/2018/14xxx/CVE-2018-14157.json index 89e1108fc94..3997ca1cefc 100644 --- a/2018/14xxx/CVE-2018-14157.json +++ b/2018/14xxx/CVE-2018-14157.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14157", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14157", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14530.json b/2018/14xxx/CVE-2018-14530.json index 27a3eafb884..0b60cbe8489 100644 --- a/2018/14xxx/CVE-2018-14530.json +++ b/2018/14xxx/CVE-2018-14530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14530", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14530", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14576.json b/2018/14xxx/CVE-2018-14576.json index 59d72844ab2..b97910cf50f 100644 --- a/2018/14xxx/CVE-2018-14576.json +++ b/2018/14xxx/CVE-2018-14576.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180727 Integer overflow in SunContract", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/93" - }, - { - "name" : "https://github.com/SunContract/SmartContracts/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/SunContract/SmartContracts/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180727 Integer overflow in SunContract", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/93" + }, + { + "name": "https://github.com/SunContract/SmartContracts/issues/1", + "refsource": "MISC", + "url": "https://github.com/SunContract/SmartContracts/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14742.json b/2018/14xxx/CVE-2018-14742.json index 909464a45cf..4abd5163ddb 100644 --- a/2018/14xxx/CVE-2018-14742.json +++ b/2018/14xxx/CVE-2018-14742.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407368019", - "refsource" : "MISC", - "url" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407368019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407368019", + "refsource": "MISC", + "url": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407368019" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15056.json b/2018/15xxx/CVE-2018-15056.json index 73c63e66481..9fcdb84f996 100644 --- a/2018/15xxx/CVE-2018-15056.json +++ b/2018/15xxx/CVE-2018-15056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15702.json b/2018/15xxx/CVE-2018-15702.json index eaacf71d279..2233a418816 100644 --- a/2018/15xxx/CVE-2018-15702.json +++ b/2018/15xxx/CVE-2018-15702.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-15702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TP-Link TL-WRN841N", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware versions 0.9.1 4.16 v0348.0 and below" - } - ] - } - } - ] - }, - "vendor_name" : "TP-Link" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Requrest Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-15702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TP-Link TL-WRN841N", + "version": { + "version_data": [ + { + "version_value": "Firmware versions 0.9.1 4.16 v0348.0 and below" + } + ] + } + } + ] + }, + "vendor_name": "TP-Link" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-27", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-27" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Requrest Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-27", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-27" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20184.json b/2018/20xxx/CVE-2018-20184.json index 9e9916fa030..b0b86cf8c0f 100644 --- a/2018/20xxx/CVE-2018-20184.json +++ b/2018/20xxx/CVE-2018-20184.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html" - }, - { - "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b", - "refsource" : "MISC", - "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/583/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/583/" - }, - { - "name" : "106229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106229" + }, + { + "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b", + "refsource": "MISC", + "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b" + }, + { + "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html" + }, + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/583/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/583/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20314.json b/2018/20xxx/CVE-2018-20314.json index 6ed44ece59a..d4a2fa9a510 100644 --- a/2018/20xxx/CVE-2018-20314.json +++ b/2018/20xxx/CVE-2018-20314.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20314", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20314", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20643.json b/2018/20xxx/CVE-2018-20643.json index 10bcf33d0d2..72ac4556999 100644 --- a/2018/20xxx/CVE-2018-20643.json +++ b/2018/20xxx/CVE-2018-20643.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20643", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20643", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9035.json b/2018/9xxx/CVE-2018-9035.json index 91c445d33b8..b2f47077211 100644 --- a/2018/9xxx/CVE-2018-9035.json +++ b/2018/9xxx/CVE-2018-9035.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44367", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44367/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44367", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44367/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9064.json b/2018/9xxx/CVE-2018-9064.json index daf9d9bfed3..ce66d9b99d2 100644 --- a/2018/9xxx/CVE-2018-9064.json +++ b/2018/9xxx/CVE-2018-9064.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-9064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lenovo xClarity Administrator", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than 2.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-9064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lenovo xClarity Administrator", + "version": { + "version_data": [ + { + "version_value": "Earlier than 2.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-22168", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-22168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-22168", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-22168" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9207.json b/2018/9xxx/CVE-2018-9207.json index c1d72f0b136..fb1c20465ca 100644 --- a/2018/9xxx/CVE-2018-9207.json +++ b/2018/9xxx/CVE-2018-9207.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "DATE_ASSIGNED" : "2018-11-02", - "ID" : "CVE-2018-9207", - "REQUESTER" : "larry0@me.com", - "STATE" : "PUBLIC", - "UPDATED" : "2018-11-19T13:21Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : " jQuery Upload File", - "version" : { - "version_data" : [ - { - "version_affected" : "<=", - "version_value" : "4.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "hayageek" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arbitrary file upload in jQuery Upload File <= 4.0.2" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary file upload vulnerability in jQuery Upload File v4.0.2" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2018-11-02", + "ID": "CVE-2018-9207", + "REQUESTER": "larry0@me.com", + "STATE": "PUBLIC", + "UPDATED": "2018-11-19T13:21Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": " jQuery Upload File", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "4.0.2" + } + ] + } + } + ] + }, + "vendor_name": "hayageek" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=206", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arbitrary file upload in jQuery Upload File <= 4.0.2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary file upload vulnerability in jQuery Upload File v4.0.2" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/advisory.php?v=206", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=206" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9649.json b/2018/9xxx/CVE-2018-9649.json index 32f6d9a37ba..29db8918517 100644 --- a/2018/9xxx/CVE-2018-9649.json +++ b/2018/9xxx/CVE-2018-9649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9649", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9649", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file