diff --git a/2002/0xxx/CVE-2002-0231.json b/2002/0xxx/CVE-2002-0231.json index 9b71c188a06..10a6962e513 100644 --- a/2002/0xxx/CVE-2002-0231.json +++ b/2002/0xxx/CVE-2002-0231.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020203 Buffer overflow in mIRC allowing arbitary code to be executed.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101286747013955&w=2" - }, - { - "name" : "20020204 Re: Buffer overflow in mIRC allowing arbitary code to be executed.", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/254105" - }, - { - "name" : "http://www.uuuppz.com/research/adv-001-mirc.htm", - "refsource" : "MISC", - "url" : "http://www.uuuppz.com/research/adv-001-mirc.htm" - }, - { - "name" : "mirc-nickname-bo(8083)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8083.php" - }, - { - "name" : "4027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4027" + }, + { + "name": "20020203 Buffer overflow in mIRC allowing arbitary code to be executed.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101286747013955&w=2" + }, + { + "name": "mirc-nickname-bo(8083)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8083.php" + }, + { + "name": "http://www.uuuppz.com/research/adv-001-mirc.htm", + "refsource": "MISC", + "url": "http://www.uuuppz.com/research/adv-001-mirc.htm" + }, + { + "name": "20020204 Re: Buffer overflow in mIRC allowing arbitary code to be executed.", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/254105" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0582.json b/2002/0xxx/CVE-2002-0582.json index 960952edb33..7818ec2186d 100644 --- a/2002/0xxx/CVE-2002-0582.json +++ b/2002/0xxx/CVE-2002-0582.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020419 Xpede many vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html" - }, - { - "name" : "4554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4554" - }, - { - "name" : "xpede-expense-directory-permissions(8905)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8905.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4554" + }, + { + "name": "20020419 Xpede many vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html" + }, + { + "name": "xpede-expense-directory-permissions(8905)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8905.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0665.json b/2002/0xxx/CVE-2002-0665.json index 617eba938f6..2dc1ae99e52 100644 --- a/2002/0xxx/CVE-2002-0665.json +++ b/2002/0xxx/CVE-2002-0665.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102529402127195&w=2" - }, - { - "name" : "20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html" - }, - { - "name" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23164", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23164" - }, - { - "name" : "jrun-forwardslash-auth-bypass(9450)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9450.php" - }, - { - "name" : "5118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23164", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23164" + }, + { + "name": "20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html" + }, + { + "name": "5118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5118" + }, + { + "name": "20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102529402127195&w=2" + }, + { + "name": "jrun-forwardslash-auth-bypass(9450)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9450.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0685.json b/2002/0xxx/CVE-2002-0685.json index e8e85d68200..e72e1142f94 100644 --- a/2002/0xxx/CVE-2002-0685.json +++ b/2002/0xxx/CVE-2002-0685.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102634756815773&w=2" - }, - { - "name" : "20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=102639521518942&w=2" - }, - { - "name" : "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt", - "refsource" : "CONFIRM", - "url" : "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt" - }, - { - "name" : "VU#821139", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/821139" - }, - { - "name" : "5202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5202" - }, - { - "name" : "4364", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4364" - }, - { - "name" : "pgp-outlook-heap-overflow(9525)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9525.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4364", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4364" + }, + { + "name": "pgp-outlook-heap-overflow(9525)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9525.php" + }, + { + "name": "VU#821139", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/821139" + }, + { + "name": "5202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5202" + }, + { + "name": "20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=102639521518942&w=2" + }, + { + "name": "20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102634756815773&w=2" + }, + { + "name": "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt", + "refsource": "CONFIRM", + "url": "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0946.json b/2002/0xxx/CVE-2002-0946.json index 43ec3124b61..41785ae6817 100644 --- a/2002/0xxx/CVE-2002-0946.json +++ b/2002/0xxx/CVE-2002-0946.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\\ (dot dot) sequences in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020608 SeaNox Devwex - Denial of Service and Directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html" - }, - { - "name" : "http://www.seanox.de/projects.devwex.php", - "refsource" : "CONFIRM", - "url" : "http://www.seanox.de/projects.devwex.php" - }, - { - "name" : "4978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4978" - }, - { - "name" : "devwex-dotdot-directory-traversal(9299)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9299.php" - }, - { - "name" : "5048", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\\ (dot dot) sequences in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020608 SeaNox Devwex - Denial of Service and Directory traversal", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html" + }, + { + "name": "5048", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5048" + }, + { + "name": "http://www.seanox.de/projects.devwex.php", + "refsource": "CONFIRM", + "url": "http://www.seanox.de/projects.devwex.php" + }, + { + "name": "devwex-dotdot-directory-traversal(9299)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9299.php" + }, + { + "name": "4978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4978" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1079.json b/2002/1xxx/CVE-2002-1079.json index 627f7707d6c..b48bd684f17 100644 --- a/2002/1xxx/CVE-2002-1079.json +++ b/2002/1xxx/CVE-2002-1079.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in an HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020822 Abyss 1.0.3 directory traversal and administration bugs", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html" - }, - { - "name" : "http://www.aprelium.com/news/patch1033.html", - "refsource" : "CONFIRM", - "url" : "http://www.aprelium.com/news/patch1033.html" - }, - { - "name" : "abyss-get-directory-traversal(9941)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9941.php" - }, - { - "name" : "abyss-http-directory-traversal(9940)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9940.php" - }, - { - "name" : "5547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5547" - }, - { - "name" : "3285", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in an HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.aprelium.com/news/patch1033.html", + "refsource": "CONFIRM", + "url": "http://www.aprelium.com/news/patch1033.html" + }, + { + "name": "20020822 Abyss 1.0.3 directory traversal and administration bugs", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html" + }, + { + "name": "abyss-http-directory-traversal(9940)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9940.php" + }, + { + "name": "3285", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3285" + }, + { + "name": "abyss-get-directory-traversal(9941)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9941.php" + }, + { + "name": "5547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5547" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1475.json b/2002/1xxx/CVE-2002-1475.json index 295b6f6ed67..2b0c1ff81a6 100644 --- a/2002/1xxx/CVE-2002-1475.json +++ b/2002/1xxx/CVE-2002-1475.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to \"take over packets destined for another host\" and cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SSRT-547", - "refsource" : "COMPAQ", - "url" : "http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to \"take over packets destined for another host\" and cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT-547", + "refsource": "COMPAQ", + "url": "http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2136.json b/2002/2xxx/CVE-2002-2136.json index f43692226aa..1ea4c37a4b5 100644 --- a/2002/2xxx/CVE-2002-2136.json +++ b/2002/2xxx/CVE-2002-2136.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2136", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1590. Reason: This candidate is a duplicate of CVE-2002-1590. Notes: All CVE users should reference CVE-2002-1590 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-2136", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1590. Reason: This candidate is a duplicate of CVE-2002-1590. Notes: All CVE users should reference CVE-2002-1590 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2274.json b/2002/2xxx/CVE-2002-2274.json index cd54fab831f..53f62a1e1d7 100644 --- a/2002/2xxx/CVE-2002-2274.json +++ b/2002/2xxx/CVE-2002-2274.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "akfingerd 0.5 allows local users to read arbitrary files as the akfingerd user (nobody) via a symlink attack on the .plan file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021205 Multiple vulnerabilities in akfingerd", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0049.html" - }, - { - "name" : "http://synflood.at/akfingerd", - "refsource" : "CONFIRM", - "url" : "http://synflood.at/akfingerd" - }, - { - "name" : "6325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6325" - }, - { - "name" : "akfingerd-read-files(10796)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "akfingerd 0.5 allows local users to read arbitrary files as the akfingerd user (nobody) via a symlink attack on the .plan file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6325" + }, + { + "name": "20021205 Multiple vulnerabilities in akfingerd", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0049.html" + }, + { + "name": "http://synflood.at/akfingerd", + "refsource": "CONFIRM", + "url": "http://synflood.at/akfingerd" + }, + { + "name": "akfingerd-read-files(10796)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10796" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0550.json b/2003/0xxx/CVE-2003-0550.json index 607051d8689..c1e4ac0200c 100644 --- a/2003/0xxx/CVE-2003-0550.json +++ b/2003/0xxx/CVE-2003-0550.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:238", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html" - }, - { - "name" : "DSA-358", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-358" - }, - { - "name" : "DSA-423", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-423" - }, - { - "name" : "RHSA-2003:239", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html" - }, - { - "name" : "oval:org.mitre.oval:def:380", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:238", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html" + }, + { + "name": "DSA-423", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-423" + }, + { + "name": "RHSA-2003:239", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-239.html" + }, + { + "name": "oval:org.mitre.oval:def:380", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A380" + }, + { + "name": "DSA-358", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-358" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0677.json b/2003/0xxx/CVE-2003-0677.json index de9dc9124f4..99e08f93f25 100644 --- a/2003/0xxx/CVE-2003-0677.json +++ b/2003/0xxx/CVE-2003-0677.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka \"ONDM Ping failure.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030807 Cisco CSS 11000 Series DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/332284" - }, - { - "name" : "20030807 Cisco CSS 11000 Series DoS", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0073.html" - }, - { - "name" : "20030808 Re: [VulnWatch] Cisco CSS 11000 Series DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0079.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka \"ONDM Ping failure.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030807 Cisco CSS 11000 Series DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/332284" + }, + { + "name": "20030808 Re: [VulnWatch] Cisco CSS 11000 Series DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0079.html" + }, + { + "name": "20030807 Cisco CSS 11000 Series DoS", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0073.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0689.json b/2003/0xxx/CVE-2003-0689.json index 28c9c4e0f00..ee1d2a6f3d8 100644 --- a/2003/0xxx/CVE-2003-0689.json +++ b/2003/0xxx/CVE-2003-0689.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:249", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-249.html" - }, - { - "name" : "RHSA-2003:325", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-325.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:249", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-249.html" + }, + { + "name": "RHSA-2003:325", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-325.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0705.json b/2003/0xxx/CVE-2003-0705.json index bf13fa0f691..cc0d12a5393 100644 --- a/2003/0xxx/CVE-2003-0705.json +++ b/2003/0xxx/CVE-2003-0705.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-378", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-378", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-378" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1690.json b/2005/1xxx/CVE-2005-1690.json index cf49b3284d1..cafe141c800 100644 --- a/2005/1xxx/CVE-2005-1690.json +++ b/2005/1xxx/CVE-2005-1690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1690", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1250. Reason: This candidate is a duplicate of CVE-2005-1250. Notes: this duplicate occurred as a result of multiple independent discoveries and insufficient coordination by the vendor and CNA. All CVE users should reference CVE-2005-1250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1690", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1250. Reason: This candidate is a duplicate of CVE-2005-1250. Notes: this duplicate occurred as a result of multiple independent discoveries and insufficient coordination by the vendor and CNA. All CVE users should reference CVE-2005-1250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1497.json b/2009/1xxx/CVE-2009-1497.json index 66cb3da3cf8..1538f9bae56 100644 --- a/2009/1xxx/CVE-2009-1497.json +++ b/2009/1xxx/CVE-2009-1497.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090408 [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502552/100/0/threaded" - }, - { - "name" : "8370", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8370" - }, - { - "name" : "http://security.bkis.vn/?p=501", - "refsource" : "MISC", - "url" : "http://security.bkis.vn/?p=501" - }, - { - "name" : "34427", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34427" - }, - { - "name" : "53361", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53361" - }, - { - "name" : "34639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53361", + "refsource": "OSVDB", + "url": "http://osvdb.org/53361" + }, + { + "name": "8370", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8370" + }, + { + "name": "20090408 [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502552/100/0/threaded" + }, + { + "name": "34427", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34427" + }, + { + "name": "34639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34639" + }, + { + "name": "http://security.bkis.vn/?p=501", + "refsource": "MISC", + "url": "http://security.bkis.vn/?p=501" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1859.json b/2009/1xxx/CVE-2009-1859.json index 34fe8d21fd1..8fa8054972b 100644 --- a/2009/1xxx/CVE-2009-1859.json +++ b/2009/1xxx/CVE-2009-1859.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html" - }, - { - "name" : "GLSA-200907-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-06.xml" - }, - { - "name" : "RHSA-2009:1109", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1109.html" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html" - }, - { - "name" : "TA09-161A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-161A.html" - }, - { - "name" : "35274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35274" - }, - { - "name" : "35289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35289" - }, - { - "name" : "1022361", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022361" - }, - { - "name" : "34580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34580" - }, - { - "name" : "35496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35496" - }, - { - "name" : "35655", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35655" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "35734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35734" - }, - { - "name" : "ADV-2009-1547", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35274" + }, + { + "name": "35289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35289" + }, + { + "name": "ADV-2009-1547", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1547" + }, + { + "name": "35655", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35655" + }, + { + "name": "TA09-161A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-161A.html" + }, + { + "name": "35734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35734" + }, + { + "name": "RHSA-2009:1109", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1109.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-07.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-07.html" + }, + { + "name": "SUSE-SA:2009:035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html" + }, + { + "name": "1022361", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022361" + }, + { + "name": "GLSA-200907-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-06.xml" + }, + { + "name": "34580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34580" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "35496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35496" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5083.json b/2009/5xxx/CVE-2009-5083.json index 5f5b0de79d3..3270ba500e2 100644 --- a/2009/5xxx/CVE-2009-5083.json +++ b/2009/5xxx/CVE-2009-5083.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029497", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029497" - }, - { - "name" : "IZ44571", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IZ44571", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44571" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029497", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029497" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0080.json b/2012/0xxx/CVE-2012-0080.json index 6afb69a3230..5c71a0a85f0 100644 --- a/2012/0xxx/CVE-2012-0080.json +++ b/2012/0xxx/CVE-2012-0080.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "51466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51466" - }, - { - "name" : "peoplesoft-enterprisehcm-cve20120080(72481)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51466" + }, + { + "name": "peoplesoft-enterprisehcm-cve20120080(72481)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72481" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0243.json b/2012/0xxx/CVE-2012-0243.json index 7375015abd1..2d91ab9c78f 100644 --- a/2012/0xxx/CVE-2012-0243.json +++ b/2012/0xxx/CVE-2012-0243.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-0243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" - }, - { - "name" : "52051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" + }, + { + "name": "52051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52051" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1717.json b/2012/1xxx/CVE-2012-1717.json index f873746b512..2ce97f30592 100644 --- a/2012/1xxx/CVE-2012-1717.json +++ b/2012/1xxx/CVE-2012-1717.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21615246", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21615246" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "MDVSA-2012:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "RHSA-2012:1243", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1243.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2012:0734", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0734.html" - }, - { - "name" : "SUSE-SU-2012:1231", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" - }, - { - "name" : "SUSE-SU-2012:1177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html" - }, - { - "name" : "SUSE-SU-2012:1265", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" - }, - { - "name" : "SUSE-SU-2012:1204", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html" - }, - { - "name" : "53952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53952" - }, - { - "name" : "50659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50659" - }, - { - "name" : "51080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53952" + }, + { + "name": "SUSE-SU-2012:1265", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "SUSE-SU-2012:1177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html" + }, + { + "name": "SUSE-SU-2012:1231", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" + }, + { + "name": "RHSA-2012:0734", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0734.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" + }, + { + "name": "RHSA-2012:1243", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1243.html" + }, + { + "name": "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html" + }, + { + "name": "50659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50659" + }, + { + "name": "SUSE-SU-2012:1204", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "MDVSA-2012:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21615246", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21615246" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "51080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51080" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1766.json b/2012/1xxx/CVE-2012-1766.json index bb1bee60e74..b5a74b6200c 100644 --- a/2012/1xxx/CVE-2012-1766.json +++ b/2012/1xxx/CVE-2012-1766.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx" - }, - { - "name" : "http://technet.microsoft.com/security/advisory/2737111", - "refsource" : "CONFIRM", - "url" : "http://technet.microsoft.com/security/advisory/2737111" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "MS12-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067" - }, - { - "name" : "MS12-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058" - }, - { - "name" : "VU#118913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/118913" - }, - { - "name" : "54531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54531" - }, - { - "name" : "oval:org.mitre.oval:def:15724", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15724" - }, - { - "name" : "1027264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027264" - }, - { - "name" : "outsideintechnology-outsideinfilters-dos(76999)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "outsideintechnology-outsideinfilters-dos(76999)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76999" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx" + }, + { + "name": "1027264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027264" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "VU#118913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/118913" + }, + { + "name": "MS12-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "54531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54531" + }, + { + "name": "oval:org.mitre.oval:def:15724", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15724" + }, + { + "name": "MS12-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "http://technet.microsoft.com/security/advisory/2737111", + "refsource": "CONFIRM", + "url": "http://technet.microsoft.com/security/advisory/2737111" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1985.json b/2012/1xxx/CVE-2012-1985.json index b4698ed845e..c677944d150 100644 --- a/2012/1xxx/CVE-2012-1985.json +++ b/2012/1xxx/CVE-2012-1985.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf", - "refsource" : "CONFIRM", - "url" : "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf" - }, - { - "name" : "52929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52929" - }, - { - "name" : "1026898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026898" - }, - { - "name" : "helix-server-url-dos(74678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52929" + }, + { + "name": "helix-server-url-dos(74678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74678" + }, + { + "name": "1026898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026898" + }, + { + "name": "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf", + "refsource": "CONFIRM", + "url": "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3087.json b/2012/3xxx/CVE-2012-3087.json index 09949e1052f..90aa1603ed8 100644 --- a/2012/3xxx/CVE-2012-3087.json +++ b/2012/3xxx/CVE-2012-3087.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3087", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3087", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3328.json b/2012/3xxx/CVE-2012-3328.json index 0950c63153c..04b86e4bbc0 100644 --- a/2012/3xxx/CVE-2012-3328.json +++ b/2012/3xxx/CVE-2012-3328.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" - }, - { - "name" : "IV20823", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823" - }, - { - "name" : "mam-hiddenframefooter-xss(78040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" + }, + { + "name": "mam-hiddenframefooter-xss(78040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040" + }, + { + "name": "IV20823", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3487.json b/2012/3xxx/CVE-2012-3487.json index 37951aba733..b657970f170 100644 --- a/2012/3xxx/CVE-2012-3487.json +++ b/2012/3xxx/CVE-2012-3487.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html" - }, - { - "name" : "[oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/14/1" - }, - { - "name" : "http://code.google.com/p/tunnelblick/issues/detail?id=212", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/tunnelblick/issues/detail?id=212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/14/1" + }, + { + "name": "http://code.google.com/p/tunnelblick/issues/detail?id=212", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/tunnelblick/issues/detail?id=212" + }, + { + "name": "20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3524.json b/2012/3xxx/CVE-2012-3524.json index 4057ac09f81..d3c14b42fd1 100644 --- a/2012/3xxx/CVE-2012-3524.json +++ b/2012/3xxx/CVE-2012-3524.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: \"we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21323", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/21323" - }, - { - "name" : "[oss-security] 20120710 libdbus hardening", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/10/4" - }, - { - "name" : "[oss-security] 20120726 Re: libdbus hardening", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/26/1" - }, - { - "name" : "[oss-security] 20120912 libdbus CVE-2012-3524 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/12/6" - }, - { - "name" : "[oss-security] 20120914 Re: libdbus CVE-2012-3524 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/14/2" - }, - { - "name" : "[oss-security] 20120917 Re: libdbus CVE-2012-3524 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/17/2" - }, - { - "name" : "http://stealth.openwall.net/null/dzug.c", - "refsource" : "MISC", - "url" : "http://stealth.openwall.net/null/dzug.c" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=697105", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=697105" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=847402", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=847402" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=52202", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=52202" - }, - { - "name" : "MDVSA-2013:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:070" - }, - { - "name" : "MDVSA-2013:083", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:083" - }, - { - "name" : "RHSA-2012:1261", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1261.html" - }, - { - "name" : "SUSE-SU-2012:1155", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00009.html" - }, - { - "name" : "SUSE-SU-2012:1155-2", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00015.html" - }, - { - "name" : "openSUSE-SU-2012:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00000.html" - }, - { - "name" : "openSUSE-SU-2012:1418", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" - }, - { - "name" : "USN-1576-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1576-2" - }, - { - "name" : "USN-1576-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1576-1" - }, - { - "name" : "55517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55517" - }, - { - "name" : "50537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50537" - }, - { - "name" : "50544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50544" - }, - { - "name" : "50710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: \"we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1155", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00009.html" + }, + { + "name": "[oss-security] 20120912 libdbus CVE-2012-3524 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/12/6" + }, + { + "name": "[oss-security] 20120726 Re: libdbus hardening", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/26/1" + }, + { + "name": "openSUSE-SU-2012:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00000.html" + }, + { + "name": "openSUSE-SU-2012:1418", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" + }, + { + "name": "50544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50544" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=52202", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=52202" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=847402", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847402" + }, + { + "name": "USN-1576-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1576-1" + }, + { + "name": "50537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50537" + }, + { + "name": "[oss-security] 20120917 Re: libdbus CVE-2012-3524 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/17/2" + }, + { + "name": "21323", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/21323" + }, + { + "name": "55517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55517" + }, + { + "name": "RHSA-2012:1261", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1261.html" + }, + { + "name": "[oss-security] 20120710 libdbus hardening", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/10/4" + }, + { + "name": "[oss-security] 20120914 Re: libdbus CVE-2012-3524 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/14/2" + }, + { + "name": "MDVSA-2013:083", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:083" + }, + { + "name": "MDVSA-2013:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:070" + }, + { + "name": "50710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50710" + }, + { + "name": "SUSE-SU-2012:1155-2", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00015.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=697105", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=697105" + }, + { + "name": "USN-1576-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1576-2" + }, + { + "name": "http://stealth.openwall.net/null/dzug.c", + "refsource": "MISC", + "url": "http://stealth.openwall.net/null/dzug.c" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4191.json b/2012/4xxx/CVE-2012-4191.json index 5599b517825..c70a675b17c 100644 --- a/2012/4xxx/CVE-2012-4191.json +++ b/2012/4xxx/CVE-2012-4191.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-88.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-88.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798045", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798045" - }, - { - "name" : "USN-1608-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1608-1" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "86125", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86125" - }, - { - "name" : "oval:org.mitre.oval:def:16719", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16719" - }, - { - "name" : "1027653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027653" - }, - { - "name" : "50929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50929" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50984" - }, - { - "name" : "mozilla-websockets-code-execution(79209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50984" + }, + { + "name": "oval:org.mitre.oval:def:16719", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16719" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=798045", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=798045" + }, + { + "name": "mozilla-websockets-code-execution(79209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79209" + }, + { + "name": "86125", + "refsource": "OSVDB", + "url": "http://osvdb.org/86125" + }, + { + "name": "USN-1608-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1608-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-88.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-88.html" + }, + { + "name": "50929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50929" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1611-1" + }, + { + "name": "1027653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027653" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4342.json b/2012/4xxx/CVE-2012-4342.json index e6af1d36f37..1e2f938628b 100644 --- a/2012/4xxx/CVE-2012-4342.json +++ b/2012/4xxx/CVE-2012-4342.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_3_0_4", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_3_0_4" - }, - { - "name" : "FEDORA-2012-9666", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082995.html" - }, - { - "name" : "FEDORA-2012-9705", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082954.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-9705", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082954.html" + }, + { + "name": "http://gallery.menalto.com/gallery_3_0_4", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_3_0_4" + }, + { + "name": "FEDORA-2012-9666", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082995.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2162.json b/2017/2xxx/CVE-2017-2162.json index 1b68f4b08a8..34fe7feb402 100644 --- a/2017/2xxx/CVE-2017-2162.json +++ b/2017/2xxx/CVE-2017-2162.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FlashAirTM SDHC Memory Card (SD-WE Series )", - "version" : { - "version_data" : [ - { - "version_value" : "V3.00.02 and earlier" - } - ] - } - }, - { - "product_name" : "FlashAirTM SDHC Memory Card (SD-WD/WC Series )", - "version" : { - "version_data" : [ - { - "version_value" : "V2.00.04 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Toshiba Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series ) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Configures default credentials" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FlashAirTM SDHC Memory Card (SD-WE Series )", + "version": { + "version_data": [ + { + "version_value": "V3.00.02 and earlier" + } + ] + } + }, + { + "product_name": "FlashAirTM SDHC Memory Card (SD-WD/WC Series )", + "version": { + "version_data": [ + { + "version_value": "V2.00.04 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.toshiba-personalstorage.net/news/20170516a.htm", - "refsource" : "CONFIRM", - "url" : "http://www.toshiba-personalstorage.net/news/20170516a.htm" - }, - { - "name" : "JVN#81820501", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN81820501/index.html" - }, - { - "name" : "JVNDB-2017-000091", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series ) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configures default credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2017-000091", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091" + }, + { + "name": "JVN#81820501", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN81820501/index.html" + }, + { + "name": "http://www.toshiba-personalstorage.net/news/20170516a.htm", + "refsource": "CONFIRM", + "url": "http://www.toshiba-personalstorage.net/news/20170516a.htm" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2455.json b/2017/2xxx/CVE-2017-2455.json index 55a55863b05..e4184936b6b 100644 --- a/2017/2xxx/CVE-2017-2455.json +++ b/2017/2xxx/CVE-2017-2455.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41809", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41809/" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1082", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1082" - }, - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "97130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97130" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41809", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41809/" + }, + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "97130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97130" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1082", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1082" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6115.json b/2017/6xxx/CVE-2017-6115.json index 9aee11f1496..099073214b2 100644 --- a/2017/6xxx/CVE-2017-6115.json +++ b/2017/6xxx/CVE-2017-6115.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6115", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6115", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6182.json b/2017/6xxx/CVE-2017-6182.json index 387f4dcea90..6ea76ee3ccb 100644 --- a/2017/6xxx/CVE-2017-6182.json +++ b/2017/6xxx/CVE-2017-6182.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42332", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42332/" - }, - { - "name" : "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html", - "refsource" : "CONFIRM", - "url" : "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html" - }, - { - "name" : "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2", - "refsource" : "CONFIRM", - "url" : "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2" - }, - { - "name" : "97261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html", + "refsource": "CONFIRM", + "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html" + }, + { + "name": "97261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97261" + }, + { + "name": "42332", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42332/" + }, + { + "name": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2", + "refsource": "CONFIRM", + "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6214.json b/2017/6xxx/CVE-2017-6214.json index 274935337eb..a99910ed347 100644 --- a/2017/6xxx/CVE-2017-6214.json +++ b/2017/6xxx/CVE-2017-6214.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "DSA-3804", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3804" - }, - { - "name" : "RHSA-2017:1372", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1372" - }, - { - "name" : "RHSA-2017:1615", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1615" - }, - { - "name" : "RHSA-2017:1616", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1616" - }, - { - "name" : "RHSA-2017:1647", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1647" - }, - { - "name" : "96421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96421" - }, - { - "name" : "1037897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "96421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96421" + }, + { + "name": "RHSA-2017:1615", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1615" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82" + }, + { + "name": "RHSA-2017:1647", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1647" + }, + { + "name": "RHSA-2017:1616", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1616" + }, + { + "name": "RHSA-2017:1372", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1372" + }, + { + "name": "1037897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037897" + }, + { + "name": "DSA-3804", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3804" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11" + }, + { + "name": "https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6331.json b/2017/6xxx/CVE-2017-6331.json index e618f4a6b2e..81ea787f3b0 100644 --- a/2017/6xxx/CVE-2017-6331.json +++ b/2017/6xxx/CVE-2017-6331.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-6331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Symantec Endpoint Protection", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to SEP 14 RU1" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Tamper-protection bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-6331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Protection", + "version": { + "version_data": [ + { + "version_value": "Prior to SEP 14 RU1" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43134", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43134/" - }, - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00" - }, - { - "name" : "101502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101502" - }, - { - "name" : "1039775", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tamper-protection bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43134", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43134/" + }, + { + "name": "101502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101502" + }, + { + "name": "1039775", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039775" + }, + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6471.json b/2017/6xxx/CVE-2017-6471.json index f109295cd63..43e7b313c80 100644 --- a/2017/6xxx/CVE-2017-6471.json +++ b/2017/6xxx/CVE-2017-6471.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=62afef41277dfac37f515207ca73d33306e3302b", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=62afef41277dfac37f515207ca73d33306e3302b" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-05.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-05.html" - }, - { - "name" : "DSA-3811", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3811" - }, - { - "name" : "96564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=62afef41277dfac37f515207ca73d33306e3302b", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=62afef41277dfac37f515207ca73d33306e3302b" + }, + { + "name": "96564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96564" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-05.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-05.html" + }, + { + "name": "DSA-3811", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3811" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6933.json b/2017/6xxx/CVE-2017-6933.json index 9699448d258..c62db105631 100644 --- a/2017/6xxx/CVE-2017-6933.json +++ b/2017/6xxx/CVE-2017-6933.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6933", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6933", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7383.json b/2017/7xxx/CVE-2017-7383.json index 9f7054fad1d..5fe4c4828ac 100644 --- a/2017/7xxx/CVE-2017-7383.json +++ b/2017/7xxx/CVE-2017-7383.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference" - }, - { - "name" : "97296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference" + }, + { + "name": "97296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97296" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10052.json b/2018/10xxx/CVE-2018-10052.json index 7d00ad58784..9d8d74d83ff 100644 --- a/2018/10xxx/CVE-2018-10052.json +++ b/2018/10xxx/CVE-2018-10052.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pastebin.com/aeqYLK9u", - "refsource" : "MISC", - "url" : "https://pastebin.com/aeqYLK9u" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pastebin.com/aeqYLK9u", + "refsource": "MISC", + "url": "https://pastebin.com/aeqYLK9u" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10390.json b/2018/10xxx/CVE-2018-10390.json index 5b636d32a26..ede2345c909 100644 --- a/2018/10xxx/CVE-2018-10390.json +++ b/2018/10xxx/CVE-2018-10390.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10964.json b/2018/10xxx/CVE-2018-10964.json index 9da1caa8522..79a85291429 100644 --- a/2018/10xxx/CVE-2018-10964.json +++ b/2018/10xxx/CVE-2018-10964.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10964", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10964", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14144.json b/2018/14xxx/CVE-2018-14144.json index ea61d2cd2b6..44467b0b679 100644 --- a/2018/14xxx/CVE-2018-14144.json +++ b/2018/14xxx/CVE-2018-14144.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14144", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14144", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14262.json b/2018/14xxx/CVE-2018-14262.json index 4a39c776310..d2c98e1e369 100644 --- a/2018/14xxx/CVE-2018-14262.json +++ b/2018/14xxx/CVE-2018-14262.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-722", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-722" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-722", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-722" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14423.json b/2018/14xxx/CVE-2018-14423.json index 44b0889f2a0..833bc2fe743 100644 --- a/2018/14xxx/CVE-2018-14423.json +++ b/2018/14xxx/CVE-2018-14423.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181222 [SECURITY] [DLA 1614-1] openjpeg2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/issues/1123", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/issues/1123" - }, - { - "name" : "DSA-4405", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1614-1] openjpeg2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html" + }, + { + "name": "https://github.com/uclouvain/openjpeg/issues/1123", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/issues/1123" + }, + { + "name": "DSA-4405", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4405" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14684.json b/2018/14xxx/CVE-2018-14684.json index 49dd018cd2f..9018d7ddc61 100644 --- a/2018/14xxx/CVE-2018-14684.json +++ b/2018/14xxx/CVE-2018-14684.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14684", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14684", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14947.json b/2018/14xxx/CVE-2018-14947.json index 81801b6c288..3f8108ba844 100644 --- a/2018/14xxx/CVE-2018-14947.json +++ b/2018/14xxx/CVE-2018-14947.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/flexpaper/pdf2json/issues/20", - "refsource" : "MISC", - "url" : "https://github.com/flexpaper/pdf2json/issues/20" - }, - { - "name" : "https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-csstyle", - "refsource" : "MISC", - "url" : "https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-csstyle" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/flexpaper/pdf2json/issues/20", + "refsource": "MISC", + "url": "https://github.com/flexpaper/pdf2json/issues/20" + }, + { + "name": "https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-csstyle", + "refsource": "MISC", + "url": "https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-csstyle" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15284.json b/2018/15xxx/CVE-2018-15284.json index 88d503068fb..97c7fa8186d 100644 --- a/2018/15xxx/CVE-2018-15284.json +++ b/2018/15xxx/CVE-2018-15284.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15284", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15284", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15693.json b/2018/15xxx/CVE-2018-15693.json index b792a084795..072b5e575a0 100644 --- a/2018/15xxx/CVE-2018-15693.json +++ b/2018/15xxx/CVE-2018-15693.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kpmg.de/noindex/advisories/KPMG-2018-001.txt", - "refsource" : "MISC", - "url" : "https://www.kpmg.de/noindex/advisories/KPMG-2018-001.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kpmg.de/noindex/advisories/KPMG-2018-001.txt", + "refsource": "MISC", + "url": "https://www.kpmg.de/noindex/advisories/KPMG-2018-001.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20230.json b/2018/20xxx/CVE-2018-20230.json index ca18aa801eb..60ece555ecb 100644 --- a/2018/20xxx/CVE-2018-20230.json +++ b/2018/20xxx/CVE-2018-20230.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1660318", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1660318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1660318", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660318" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20258.json b/2018/20xxx/CVE-2018-20258.json index 4b4d2f01204..edfd8b018bc 100644 --- a/2018/20xxx/CVE-2018-20258.json +++ b/2018/20xxx/CVE-2018-20258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20258", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20258", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9070.json b/2018/9xxx/CVE-2018-9070.json index 7bd177ec41a..ceaa352707e 100644 --- a/2018/9xxx/CVE-2018-9070.json +++ b/2018/9xxx/CVE-2018-9070.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2018-07-13T00:00:00", - "ID" : "CVE-2018-9070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lenovo Smart Assistant", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than 12.1.82" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Root access of the device" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2018-07-13T00:00:00", + "ID": "CVE-2018-9070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lenovo Smart Assistant", + "version": { + "version_data": [ + { + "version_value": "Earlier than 12.1.82" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-22172", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-22172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Root access of the device" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-22172", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-22172" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9238.json b/2018/9xxx/CVE-2018-9238.json index 8255049a89b..0df7b541dc5 100644 --- a/2018/9xxx/CVE-2018-9238.json +++ b/2018/9xxx/CVE-2018-9238.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44424", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44424/" - }, - { - "name" : "https://pastebin.com/ia7U4vi9", - "refsource" : "MISC", - "url" : "https://pastebin.com/ia7U4vi9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44424", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44424/" + }, + { + "name": "https://pastebin.com/ia7U4vi9", + "refsource": "MISC", + "url": "https://pastebin.com/ia7U4vi9" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9624.json b/2018/9xxx/CVE-2018-9624.json index 12dbd08e93e..baa91cb0761 100644 --- a/2018/9xxx/CVE-2018-9624.json +++ b/2018/9xxx/CVE-2018-9624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9624", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9624", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9743.json b/2018/9xxx/CVE-2018-9743.json index d31c4d636b4..f092c359545 100644 --- a/2018/9xxx/CVE-2018-9743.json +++ b/2018/9xxx/CVE-2018-9743.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9743", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9743", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file