diff --git a/2002/0xxx/CVE-2002-0079.json b/2002/0xxx/CVE-2002-0079.json index 7ea62c6330b..9501fd7cecf 100644 --- a/2002/0xxx/CVE-2002-0079.json +++ b/2002/0xxx/CVE-2002-0079.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101846993304518&w=2" - }, - { - "name" : "MS02-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" - }, - { - "name" : "CA-2002-09", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-09.html" - }, - { - "name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" - }, - { - "name" : "VU#610291", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/610291" - }, - { - "name" : "iis-asp-chunked-encoding-bo(8795)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8795.php" - }, - { - "name" : "4485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4485" - }, - { - "name" : "oval:org.mitre.oval:def:16", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16" - }, - { - "name" : "oval:org.mitre.oval:def:25", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A25" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:25", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A25" + }, + { + "name": "VU#610291", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/610291" + }, + { + "name": "oval:org.mitre.oval:def:16", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16" + }, + { + "name": "4485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4485" + }, + { + "name": "MS02-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" + }, + { + "name": "20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101846993304518&w=2" + }, + { + "name": "iis-asp-chunked-encoding-bo(8795)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8795.php" + }, + { + "name": "CA-2002-09", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-09.html" + }, + { + "name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0117.json b/2002/0xxx/CVE-2002-0117.json index 929d6927694..9685eefafb8 100644 --- a/2002/0xxx/CVE-2002-0117.json +++ b/2002/0xxx/CVE-2002-0117.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/249031" - }, - { - "name" : "http://www.yabbforum.com/", - "refsource" : "CONFIRM", - "url" : "http://www.yabbforum.com/" - }, - { - "name" : "3828", - "refsource" : "BID", - "url" : "http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828" - }, - { - "name" : "2019", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2019" - }, - { - "name" : "yabb-encoded-css(7840)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7840.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/249031" + }, + { + "name": "http://www.yabbforum.com/", + "refsource": "CONFIRM", + "url": "http://www.yabbforum.com/" + }, + { + "name": "yabb-encoded-css(7840)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7840.php" + }, + { + "name": "3828", + "refsource": "BID", + "url": "http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828" + }, + { + "name": "2019", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2019" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0765.json b/2002/0xxx/CVE-2002-0765.json index 027644ffdcc..2c590ccb815 100644 --- a/2002/0xxx/CVE-2002-0765.json +++ b/2002/0xxx/CVE-2002-0765.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020527 OpenSSH 3.2.3 released (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html" - }, - { - "name" : "20020522 004: SECURITY FIX: May 22, 2002", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html#sshbsdauth" - }, - { - "name" : "4803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4803" - }, - { - "name" : "bsd-sshd-authentication-error(9215)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9215.php" - }, - { - "name" : "5113", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020527 OpenSSH 3.2.3 released (fwd)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html" + }, + { + "name": "bsd-sshd-authentication-error(9215)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9215.php" + }, + { + "name": "20020522 004: SECURITY FIX: May 22, 2002", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html#sshbsdauth" + }, + { + "name": "5113", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5113" + }, + { + "name": "4803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4803" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0842.json b/2002/0xxx/CVE-2002-0842.json index 8dfd3f5d914..9a44880154f 100644 --- a/2002/0xxx/CVE-2002-0842.json +++ b/2002/0xxx/CVE-2002-0842.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a \"502 Bad Gateway\" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104549708626309&w=2" - }, - { - "name" : "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104549708626309&w=2" - }, - { - "name" : "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html" - }, - { - "name" : "http://www.nextgenss.com/advisories/ora-appservfmtst.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/ora-appservfmtst.txt" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf" - }, - { - "name" : "CA-2003-05", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-05.html" - }, - { - "name" : "VU#849993", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/849993" - }, - { - "name" : "N-046", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-046.shtml" - }, - { - "name" : "20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104559446010858&w=2" - }, - { - "name" : "20030218 Re: CSSA-2003-007.0 Advisory withdrawn.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104560577227981&w=2" - }, - { - "name" : "oracle-appserver-davpublic-dos(11330)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11330.php" - }, - { - "name" : "6846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a \"502 Bad Gateway\" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2003-05", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-05.html" + }, + { + "name": "N-046", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-046.shtml" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf" + }, + { + "name": "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104549708626309&w=2" + }, + { + "name": "VU#849993", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/849993" + }, + { + "name": "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html" + }, + { + "name": "oracle-appserver-davpublic-dos(11330)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11330.php" + }, + { + "name": "6846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6846" + }, + { + "name": "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104549708626309&w=2" + }, + { + "name": "20030218 Re: CSSA-2003-007.0 Advisory withdrawn.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104560577227981&w=2" + }, + { + "name": "20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104559446010858&w=2" + }, + { + "name": "http://www.nextgenss.com/advisories/ora-appservfmtst.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/ora-appservfmtst.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0945.json b/2002/0xxx/CVE-2002-0945.json index 177db0f61a3..bd10bb97b4b 100644 --- a/2002/0xxx/CVE-2002-0945.json +++ b/2002/0xxx/CVE-2002-0945.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020608 SeaNox Devwex - Denial of Service and Directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html" - }, - { - "name" : "http://www.seanox.de/projects.devwex.php", - "refsource" : "CONFIRM", - "url" : "http://www.seanox.de/projects.devwex.php" - }, - { - "name" : "devwex-get-bo(9298)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9298.php" - }, - { - "name" : "4979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4979" - }, - { - "name" : "5047", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "devwex-get-bo(9298)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9298.php" + }, + { + "name": "5047", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5047" + }, + { + "name": "20020608 SeaNox Devwex - Denial of Service and Directory traversal", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html" + }, + { + "name": "http://www.seanox.de/projects.devwex.php", + "refsource": "CONFIRM", + "url": "http://www.seanox.de/projects.devwex.php" + }, + { + "name": "4979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4979" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1499.json b/2002/1xxx/CVE-2002-1499.json index 6a3d688c880..d53b980a1b9 100644 --- a/2002/1xxx/CVE-2002-1499.json +++ b/2002/1xxx/CVE-2002-1499.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020831 FactoSystem CMS Contains Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/290021" - }, - { - "name" : "20020830 FactoSystem CMS Contains Multiple Vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668" - }, - { - "name" : "factosystem-asp-sql-injection(10000)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10000.php" - }, - { - "name" : "5600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "factosystem-asp-sql-injection(10000)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10000.php" + }, + { + "name": "5600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5600" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668" + }, + { + "name": "20020830 FactoSystem CMS Contains Multiple Vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html" + }, + { + "name": "20020831 FactoSystem CMS Contains Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/290021" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2001.json b/2002/2xxx/CVE-2002-2001.json index 0df95958c9b..b8430f054ad 100644 --- a/2002/2xxx/CVE-2002-2001.json +++ b/2002/2xxx/CVE-2002-2001.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2002:008", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:008" - }, - { - "name" : "3940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3940" - }, - { - "name" : "linux-jmcce-tmp-symlink(7980)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7980.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3940" + }, + { + "name": "linux-jmcce-tmp-symlink(7980)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7980.php" + }, + { + "name": "MDKSA-2002:008", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:008" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0038.json b/2005/0xxx/CVE-2005-0038.json index 0ec6d90acdf..08c92b0388a 100644 --- a/2005/0xxx/CVE-2005-0038.json +++ b/2005/0xxx/CVE-2005-0038.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html" - }, - { - "name" : "13729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13729" - }, - { - "name" : "25291", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13729" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en" + }, + { + "name": "25291", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25291" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0785.json b/2005/0xxx/CVE-2005-0785.json index 0a791e7df10..52257cb06f0 100644 --- a/2005/0xxx/CVE-2005-0785.json +++ b/2005/0xxx/CVE-2005-0785.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050313 YaBB2 rc1 XSS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111083400601759&w=2" - }, - { - "name" : "12756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12756" - }, - { - "name" : "1013420", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013420" - }, - { - "name" : "yabb-usersrecentposts-xss(19671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013420", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013420" + }, + { + "name": "20050313 YaBB2 rc1 XSS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111083400601759&w=2" + }, + { + "name": "yabb-usersrecentposts-xss(19671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19671" + }, + { + "name": "12756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12756" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1210.json b/2005/1xxx/CVE-2005-1210.json index eaa68caf3bf..dbacbe83b3f 100644 --- a/2005/1xxx/CVE-2005-1210.json +++ b/2005/1xxx/CVE-2005-1210.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1210", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1210", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1831.json b/2005/1xxx/CVE-2005-1831.json index 63c71556d3d..a7c466c5bd0 100644 --- a/2005/1xxx/CVE-2005-1831.json +++ b/2005/1xxx/CVE-2005-1831.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating \"Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050531 [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111755694008928&w=2" - }, - { - "name" : "20050531 RE: [securitysuse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html" - }, - { - "name" : "20050531 Re: [securitysuse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html" - }, - { - "name" : "20417", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating \"Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050531 RE: [securitysuse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html" + }, + { + "name": "20050531 Re: [securitysuse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html" + }, + { + "name": "20050531 [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111755694008928&w=2" + }, + { + "name": "20417", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20417" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0030.json b/2009/0xxx/CVE-2009-0030.json index 1d7120420f3..a831819a6a9 100644 --- a/2009/0xxx/CVE-2009-0030.json +++ b/2009/0xxx/CVE-2009-0030.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=480224", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=480224" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=480488", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=480488" - }, - { - "name" : "RHSA-2009:0057", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-0057.html" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "33354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33354" - }, - { - "name" : "oval:org.mitre.oval:def:10366", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366" - }, - { - "name" : "1021611", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021611" - }, - { - "name" : "33611", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33611" - }, - { - "name" : "squirrelmail-sessionid-session-hijacking(48115)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2009:0057", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-0057.html" + }, + { + "name": "33611", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33611" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=480488", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480488" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=480224", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480224" + }, + { + "name": "oval:org.mitre.oval:def:10366", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366" + }, + { + "name": "squirrelmail-sessionid-session-hijacking(48115)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48115" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "1021611", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021611" + }, + { + "name": "33354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33354" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0317.json b/2009/0xxx/CVE-2009-0317.json index 07f4a37d53f..d0e8ac6bf22 100644 --- a/2009/0xxx/CVE-2009-0317.json +++ b/2009/0xxx/CVE-2009-0317.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=481570", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=481570" - }, - { - "name" : "33442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481570", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481570" + }, + { + "name": "33442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33442" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0597.json b/2009/0xxx/CVE-2009-0597.json index 2c34e5ec2ac..5d6eb0b396f 100644 --- a/2009/0xxx/CVE-2009-0597.json +++ b/2009/0xxx/CVE-2009-0597.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7640", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7640" - }, - { - "name" : "http://forum.w3bcms.de/viewtopic.php?f=5&t=256", - "refsource" : "MISC", - "url" : "http://forum.w3bcms.de/viewtopic.php?f=5&t=256" - }, - { - "name" : "33082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33082" - }, - { - "name" : "51108", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51108" - }, - { - "name" : "33364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33364" + }, + { + "name": "33082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33082" + }, + { + "name": "http://forum.w3bcms.de/viewtopic.php?f=5&t=256", + "refsource": "MISC", + "url": "http://forum.w3bcms.de/viewtopic.php?f=5&t=256" + }, + { + "name": "51108", + "refsource": "OSVDB", + "url": "http://osvdb.org/51108" + }, + { + "name": "7640", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7640" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0825.json b/2009/0xxx/CVE-2009-0825.json index be155dfb985..df917c4919a 100644 --- a/2009/0xxx/CVE-2009-0825.json +++ b/2009/0xxx/CVE-2009-0825.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090306 [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501547/100/0/threaded" - }, - { - "name" : "http://en.securitylab.ru/lab/PT-2009-13", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/PT-2009-13" - }, - { - "name" : "http://sourceforge.net/project/showfiles.php?group_id=133415", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/showfiles.php?group_id=133415" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540" - }, - { - "name" : "34021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34021" - }, - { - "name" : "34178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34178" - }, - { - "name" : "tinxcms-rss-sql-injection(49115)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/showfiles.php?group_id=133415", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/showfiles.php?group_id=133415" + }, + { + "name": "20090306 [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501547/100/0/threaded" + }, + { + "name": "34021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34021" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540" + }, + { + "name": "http://en.securitylab.ru/lab/PT-2009-13", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/PT-2009-13" + }, + { + "name": "tinxcms-rss-sql-injection(49115)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49115" + }, + { + "name": "34178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34178" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0853.json b/2009/0xxx/CVE-2009-0853.json index a74d5a7e276..fdf0f71c33a 100644 --- a/2009/0xxx/CVE-2009-0853.json +++ b/2009/0xxx/CVE-2009-0853.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090305 CelerBB 0.0.2 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501481/100/0/threaded" - }, - { - "name" : "8161", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8161" - }, - { - "name" : "34014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34014" + }, + { + "name": "8161", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8161" + }, + { + "name": "20090305 CelerBB 0.0.2 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501481/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1774.json b/2009/1xxx/CVE-2009-1774.json index 718cee74deb..8609c5a9ceb 100644 --- a/2009/1xxx/CVE-2009-1774.json +++ b/2009/1xxx/CVE-2009-1774.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8681", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8681" - }, - { - "name" : "34971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34971" - }, - { - "name" : "28330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28330" - }, - { - "name" : "strawberry-index-file-include(50562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8681", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8681" + }, + { + "name": "strawberry-index-file-include(50562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50562" + }, + { + "name": "34971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34971" + }, + { + "name": "28330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28330" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1882.json b/2009/1xxx/CVE-2009-1882.json index e7d6e9696d5..aa8fdb03f5e 100644 --- a/2009/1xxx/CVE-2009-1882.json +++ b/2009/1xxx/CVE-2009-1882.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101027 rPSA-2010-0074-1 ImageMagick", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514516/100/0/threaded" - }, - { - "name" : "[oss-security] 20090608 Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/06/08/1" - }, - { - "name" : "http://imagemagick.org/script/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://imagemagick.org/script/changelog.php" - }, - { - "name" : "http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0074", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0074" - }, - { - "name" : "DSA-1858", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1858" - }, - { - "name" : "FEDORA-2010-0001", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033833.html" - }, - { - "name" : "FEDORA-2010-0036", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033766.html" - }, - { - "name" : "GLSA-201311-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201311-10.xml" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "USN-784-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/784-1/" - }, - { - "name" : "35111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35111" - }, - { - "name" : "54729", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54729" - }, - { - "name" : "35216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35216" - }, - { - "name" : "35382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35382" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "36260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36260" - }, - { - "name" : "37959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37959" - }, - { - "name" : "55721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55721" - }, - { - "name" : "ADV-2009-1449", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54729", + "refsource": "OSVDB", + "url": "http://osvdb.org/54729" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0074", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0074" + }, + { + "name": "GLSA-201311-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201311-10.xml" + }, + { + "name": "37959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37959" + }, + { + "name": "[oss-security] 20090608 Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/06/08/1" + }, + { + "name": "USN-784-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/784-1/" + }, + { + "name": "20101027 rPSA-2010-0074-1 ImageMagick", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514516/100/0/threaded" + }, + { + "name": "35382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35382" + }, + { + "name": "FEDORA-2010-0001", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033833.html" + }, + { + "name": "55721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55721" + }, + { + "name": "http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html", + "refsource": "CONFIRM", + "url": "http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html" + }, + { + "name": "35111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35111" + }, + { + "name": "http://imagemagick.org/script/changelog.php", + "refsource": "CONFIRM", + "url": "http://imagemagick.org/script/changelog.php" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "35216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35216" + }, + { + "name": "DSA-1858", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1858" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "ADV-2009-1449", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1449" + }, + { + "name": "FEDORA-2010-0036", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033766.html" + }, + { + "name": "36260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36260" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2404.json b/2012/2xxx/CVE-2012-2404.json index 5ebd6cc0919..d9567d3ef8c 100644 --- a/2012/2xxx/CVE-2012-2404.json +++ b/2012/2xxx/CVE-2012-2404.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php" - }, - { - "name" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/" - }, - { - "name" : "DSA-2470", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2470" - }, - { - "name" : "53192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53192" - }, - { - "name" : "81464", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81464" - }, - { - "name" : "49138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49138" - }, - { - "name" : "48957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48957" - }, - { - "name" : "wordpress-wpredirect-xss(75092)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75092" - }, - { - "name" : "wordpress-wpcommentspostphp-xss(75202)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81464", + "refsource": "OSVDB", + "url": "http://osvdb.org/81464" + }, + { + "name": "49138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49138" + }, + { + "name": "48957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48957" + }, + { + "name": "wordpress-wpcommentspostphp-xss(75202)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75202" + }, + { + "name": "DSA-2470", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2470" + }, + { + "name": "53192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53192" + }, + { + "name": "http://wordpress.org/news/2012/04/wordpress-3-3-2/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/" + }, + { + "name": "wordpress-wpredirect-xss(75092)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75092" + }, + { + "name": "http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2571.json b/2012/2xxx/CVE-2012-2571.json index 908457a9dcf..729c78606ff 100644 --- a/2012/2xxx/CVE-2012-2571.json +++ b/2012/2xxx/CVE-2012-2571.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20366", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20366/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20366", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20366/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2918.json b/2012/2xxx/CVE-2012-2918.json index 4fe071971cf..54794f50643 100644 --- a/2012/2xxx/CVE-2012-2918.json +++ b/2012/2xxx/CVE-2012-2918.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html" - }, - { - "name" : "53448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53448" - }, - { - "name" : "chevereto-index-xss(75476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53448" + }, + { + "name": "chevereto-index-xss(75476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75476" + }, + { + "name": "http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2991.json b/2012/2xxx/CVE-2012-2991.json index ca4bb8d8518..938ee15596a 100644 --- a/2012/2xxx/CVE-2012-2991.json +++ b/2012/2xxx/CVE-2012-2991.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#459446", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/459446" - }, - { - "name" : "50640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#459446", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/459446" + }, + { + "name": "50640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50640" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3151.json b/2012/3xxx/CVE-2012-3151.json index b4947e4c432..b8e947f68b3 100644 --- a/2012/3xxx/CVE-2012-3151.json +++ b/2012/3xxx/CVE-2012-3151.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to affect integrity and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to affect integrity and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3158.json b/2012/3xxx/CVE-2012-3158.json index 4c9fc2adc46..e5e0c600dc2 100644 --- a/2012/3xxx/CVE-2012-3158.json +++ b/2012/3xxx/CVE-2012-3158.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "DSA-2581", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2581" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "MDVSA-2013:102", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" - }, - { - "name" : "RHSA-2012:1462", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1462.html" - }, - { - "name" : "USN-1621-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1621-1" - }, - { - "name" : "51309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51309" - }, - { - "name" : "51177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51177" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - }, - { - "name" : "mysqlserver-protocol-cve20123158(79382)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51177" + }, + { + "name": "RHSA-2012:1462", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html" + }, + { + "name": "MDVSA-2013:102", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "DSA-2581", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2581" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "51309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51309" + }, + { + "name": "mysqlserver-protocol-cve20123158(79382)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79382" + }, + { + "name": "USN-1621-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1621-1" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3479.json b/2012/3xxx/CVE-2012-3479.json index 5840f366c5b..518f8af34d2 100644 --- a/2012/3xxx/CVE-2012-3479.json +++ b/2012/3xxx/CVE-2012-3479.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120812 Re: Security flaw in GNU Emacs file-local variables", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/13/2" - }, - { - "name" : "[oss-security] 20120813 Security flaw in GNU Emacs file-local variables", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/13/1" - }, - { - "name" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155", - "refsource" : "CONFIRM", - "url" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155" - }, - { - "name" : "DSA-2603", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2603" - }, - { - "name" : "MDVSA-2013:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:076" - }, - { - "name" : "SSA:2012-228-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.420006" - }, - { - "name" : "openSUSE-SU-2012:1348", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00057.html" - }, - { - "name" : "USN-1586-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1586-1" - }, - { - "name" : "54969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54969" - }, - { - "name" : "1027375", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027375" - }, - { - "name" : "50157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50157" - }, - { - "name" : "50801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2012-228-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.420006" + }, + { + "name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155", + "refsource": "CONFIRM", + "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155" + }, + { + "name": "openSUSE-SU-2012:1348", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00057.html" + }, + { + "name": "50801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50801" + }, + { + "name": "[oss-security] 20120812 Re: Security flaw in GNU Emacs file-local variables", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/13/2" + }, + { + "name": "USN-1586-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1586-1" + }, + { + "name": "54969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54969" + }, + { + "name": "1027375", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027375" + }, + { + "name": "[oss-security] 20120813 Security flaw in GNU Emacs file-local variables", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/13/1" + }, + { + "name": "50157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50157" + }, + { + "name": "MDVSA-2013:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:076" + }, + { + "name": "DSA-2603", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2603" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4047.json b/2012/4xxx/CVE-2012-4047.json index 2546c452766..e65ee55a6d8 100644 --- a/2012/4xxx/CVE-2012-4047.json +++ b/2012/4xxx/CVE-2012-4047.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4350.json b/2012/4xxx/CVE-2012-4350.json index fae0c4a2922..8e8a394b6ab 100644 --- a/2012/4xxx/CVE-2012-4350.json +++ b/2012/4xxx/CVE-2012-4350.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00" - }, - { - "name" : "56915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56915" - }, - { - "name" : "1027874", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027874", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027874" + }, + { + "name": "56915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56915" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4546.json b/2012/4xxx/CVE-2012-4546.json index b789029129a..f39a8d40aff 100644 --- a/2012/4xxx/CVE-2012-4546.json +++ b/2012/4xxx/CVE-2012-4546.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2013:0528", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0528.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0528", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0528.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6227.json b/2012/6xxx/CVE-2012-6227.json index 10faef54d8b..b6bb0dd05bf 100644 --- a/2012/6xxx/CVE-2012-6227.json +++ b/2012/6xxx/CVE-2012-6227.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6227", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6227", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6243.json b/2012/6xxx/CVE-2012-6243.json index f2c743e5c23..ed22eb48c48 100644 --- a/2012/6xxx/CVE-2012-6243.json +++ b/2012/6xxx/CVE-2012-6243.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6243", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6243", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6447.json b/2012/6xxx/CVE-2012-6447.json index ca9bf88005f..97907fd33f8 100644 --- a/2012/6xxx/CVE-2012-6447.json +++ b/2012/6xxx/CVE-2012-6447.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAAHXG#59895", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAHXG#59895" - }, - { - "name" : "93745", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/93745" - }, - { - "name" : "1028605", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028605" - }, - { - "name" : "53623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53623" - }, - { - "name" : "splunk-cve20126447-xss(84638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "splunk-cve20126447-xss(84638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84638" + }, + { + "name": "53623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53623" + }, + { + "name": "93745", + "refsource": "OSVDB", + "url": "http://osvdb.org/93745" + }, + { + "name": "http://www.splunk.com/view/SP-CAAAHXG#59895", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAHXG#59895" + }, + { + "name": "1028605", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028605" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5880.json b/2015/5xxx/CVE-2015-5880.json index 2b073ac0e99..59097c9ce12 100644 --- a/2015/5xxx/CVE-2015-5880.json +++ b/2015/5xxx/CVE-2015-5880.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2334.json b/2017/2xxx/CVE-2017-2334.json index c6e9e1f6019..255007e8f5c 100644 --- a/2017/2xxx/CVE-2017-2334.json +++ b/2017/2xxx/CVE-2017-2334.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NorthStar Controller Application", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 2.1.0 Service Pack 1" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leak" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NorthStar Controller Application", + "version": { + "version_data": [ + { + "version_value": "prior to version 2.1.0 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10783", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10783" - }, - { - "name" : "97616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10783", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10783" + }, + { + "name": "97616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97616" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2579.json b/2017/2xxx/CVE-2017-2579.json index 0302fa39590..6d964917621 100644 --- a/2017/2xxx/CVE-2017-2579.json +++ b/2017/2xxx/CVE-2017-2579.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "netpbm", - "version" : { - "version_data" : [ - { - "version_value" : "10.61" - } - ] - } - } - ] - }, - "vendor_name" : "Netpbm" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "netpbm", + "version": { + "version_data": [ + { + "version_value": "10.61" + } + ] + } + } + ] + }, + "vendor_name": "Netpbm" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579" - }, - { - "name" : "96714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579" + }, + { + "name": "96714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96714" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2591.json b/2017/2xxx/CVE-2017-2591.json index 58c842ae902..9465a72ce01 100644 --- a/2017/2xxx/CVE-2017-2591.json +++ b/2017/2xxx/CVE-2017-2591.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-2591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "389-ds-base", - "version" : { - "version_data" : [ - { - "version_value" : "389-ds-base 1.3.6" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "389-ds-base", + "version": { + "version_data": [ + { + "version_value": "389-ds-base 1.3.6" + } + ] + } + } + ] + }, + "vendor_name": "" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591" - }, - { - "name" : "https://pagure.io/389-ds-base/issue/48986", - "refsource" : "CONFIRM", - "url" : "https://pagure.io/389-ds-base/issue/48986" - }, - { - "name" : "95670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ], + [ + { + "vectorString": "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pagure.io/389-ds-base/issue/48986", + "refsource": "CONFIRM", + "url": "https://pagure.io/389-ds-base/issue/48986" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591" + }, + { + "name": "95670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95670" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2889.json b/2017/2xxx/CVE-2017-2889.json index 4f9b5e1809d..1f346a5d688 100644 --- a/2017/2xxx/CVE-2017-2889.json +++ b/2017/2xxx/CVE-2017-2889.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-2889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Circle", - "version" : { - "version_data" : [ - { - "version_value" : "firmware 2.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Circle Media" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-2889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Circle", + "version": { + "version_data": [ + { + "version_value": "firmware 2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Circle Media" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0396", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0396", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0396" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2936.json b/2017/2xxx/CVE-2017-2936.json index 3970d38562d..6b6ce8aea8f 100644 --- a/2017/2xxx/CVE-2017-2936.json +++ b/2017/2xxx/CVE-2017-2936.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 24.0.0.186 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 24.0.0.186 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 24.0.0.186 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 24.0.0.186 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" - }, - { - "name" : "GLSA-201702-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-20" - }, - { - "name" : "RHSA-2017:0057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0057.html" - }, - { - "name" : "95342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95342" - }, - { - "name" : "1037570", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-20" + }, + { + "name": "95342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95342" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" + }, + { + "name": "RHSA-2017:0057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html" + }, + { + "name": "1037570", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037570" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6009.json b/2017/6xxx/CVE-2017-6009.json index 597a69add0d..0fb35cda814 100644 --- a/2017/6xxx/CVE-2017-6009.json +++ b/2017/6xxx/CVE-2017-6009.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"decode_ne_resource_id\" function in the \"restable.c\" source file. This is happening because the \"len\" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050" - }, - { - "name" : "DSA-3807", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3807" - }, - { - "name" : "GLSA-201801-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-12" - }, - { - "name" : "RHSA-2017:0837", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0837.html" - }, - { - "name" : "96292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"decode_ne_resource_id\" function in the \"restable.c\" source file. This is happening because the \"len\" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201801-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-12" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050" + }, + { + "name": "96292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96292" + }, + { + "name": "RHSA-2017:0837", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0837.html" + }, + { + "name": "DSA-3807", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3807" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6771.json b/2017/6xxx/CVE-2017-6771.json index 8cbf08e44b4..916c70d4e23 100644 --- a/2017/6xxx/CVE-2017-6771.json +++ b/2017/6xxx/CVE-2017-6771.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2017-08-16T00:00:00", - "ID" : "CVE-2017-6771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Ultra Services Framework", - "version" : { - "version_data" : [ - { - "version_value" : "21.0.v0.65839" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2017-08-16T00:00:00", + "ID": "CVE-2017-6771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ultra Services Framework", + "version": { + "version_data": [ + { + "version_value": "21.0.v0.65839" + } + ] + } + } + ] + }, + "vendor_name": "Cisco Systems, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170816 Cisco Ultra Services Framework AutoVNF Configuration Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf" - }, - { - "name" : "100385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100385" + }, + { + "name": "20170816 Cisco Ultra Services Framework AutoVNF Configuration Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11018.json b/2018/11xxx/CVE-2018-11018.json index bef73ebee2a..d589c035c8b 100644 --- a/2018/11xxx/CVE-2018-11018.json +++ b/2018/11xxx/CVE-2018-11018.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf", - "refsource" : "MISC", - "url" : "https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf", + "refsource": "MISC", + "url": "https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11353.json b/2018/11xxx/CVE-2018-11353.json index fccb49c298c..341cce4e9dd 100644 --- a/2018/11xxx/CVE-2018-11353.json +++ b/2018/11xxx/CVE-2018-11353.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11353", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11353", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11455.json b/2018/11xxx/CVE-2018-11455.json index a2e5f8cd9e8..512235e0a46 100644 --- a/2018/11xxx/CVE-2018-11455.json +++ b/2018/11xxx/CVE-2018-11455.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2018-11455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Automation License Manager 5, Automation License Manager 6", - "version" : { - "version_data" : [ - { - "version_value" : "Automation License Manager 5 : All versions < 5.3.4.4" - }, - { - "version_value" : "Automation License Manager 6 : All versions < 6.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2018-11455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automation License Manager 5, Automation License Manager 6", + "version": { + "version_data": [ + { + "version_value": "Automation License Manager 5 : All versions < 5.3.4.4" + }, + { + "version_value": "Automation License Manager 6 : All versions < 6.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf" - }, - { - "name" : "105114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105114" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11541.json b/2018/11xxx/CVE-2018-11541.json index 46269954ddc..736ea3c821a 100644 --- a/2018/11xxx/CVE-2018-11541.json +++ b/2018/11xxx/CVE-2018-11541.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb", - "refsource" : "MISC", - "url" : "https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb" - }, - { - "name" : "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes", - "refsource" : "MISC", - "url" : "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb", + "refsource": "MISC", + "url": "https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb" + }, + { + "name": "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes", + "refsource": "MISC", + "url": "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11835.json b/2018/11xxx/CVE-2018-11835.json index a4a28a43c9b..82ca704dbbe 100644 --- a/2018/11xxx/CVE-2018-11835.json +++ b/2018/11xxx/CVE-2018-11835.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11835", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11835", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14177.json b/2018/14xxx/CVE-2018-14177.json index 8adde287143..dd8e0be0445 100644 --- a/2018/14xxx/CVE-2018-14177.json +++ b/2018/14xxx/CVE-2018-14177.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14177", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14177", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14292.json b/2018/14xxx/CVE-2018-14292.json index ce86821a9bf..af5631b9d2a 100644 --- a/2018/14xxx/CVE-2018-14292.json +++ b/2018/14xxx/CVE-2018-14292.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6232." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-752", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-752" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6232." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-752", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-752" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14538.json b/2018/14xxx/CVE-2018-14538.json index da1ecbac1c1..387b7e34d1d 100644 --- a/2018/14xxx/CVE-2018-14538.json +++ b/2018/14xxx/CVE-2018-14538.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14538", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14538", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14807.json b/2018/14xxx/CVE-2018-14807.json index a7e9fe70706..7193d723eaa 100644 --- a/2018/14xxx/CVE-2018-14807.json +++ b/2018/14xxx/CVE-2018-14807.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-09-04T00:00:00", - "ID" : "CVE-2018-14807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PAC Control Basic and PAC Control Professional", - "version" : { - "version_data" : [ - { - "version_value" : "Versions R10.0a and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Opto 22" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-09-04T00:00:00", + "ID": "CVE-2018-14807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PAC Control Basic and PAC Control Professional", + "version": { + "version_data": [ + { + "version_value": "Versions R10.0a and prior" + } + ] + } + } + ] + }, + "vendor_name": "Opto 22" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01" - }, - { - "name" : "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547", - "refsource" : "CONFIRM", - "url" : "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547", + "refsource": "CONFIRM", + "url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15001.json b/2018/15xxx/CVE-2018-15001.json index 6bf89187888..1bcd965666e 100644 --- a/2018/15xxx/CVE-2018-15001.json +++ b/2018/15xxx/CVE-2018-15001.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status bar, so it is not completely transparent to the user. The user can cancel the logging, but it can be re-enabled since the app with a package name of com.vivo.bsptest cannot be disabled. The writing of these logs can be initiated by an app co-located on the device, although the READ_EXTERNAL_STORAGE permission is necessary to for an app to access the log files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" - }, - { - "name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status bar, so it is not completely transparent to the user. The user can cancel the logging, but it can be re-enabled since the app with a package name of com.vivo.bsptest cannot be disabled. The writing of these logs can be initiated by an app co-located on the device, although the READ_EXTERNAL_STORAGE permission is necessary to for an app to access the log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" + }, + { + "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15074.json b/2018/15xxx/CVE-2018-15074.json index cc170b92037..920c2148893 100644 --- a/2018/15xxx/CVE-2018-15074.json +++ b/2018/15xxx/CVE-2018-15074.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15074", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15074", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15247.json b/2018/15xxx/CVE-2018-15247.json index 8045fa8fa13..028c3797268 100644 --- a/2018/15xxx/CVE-2018-15247.json +++ b/2018/15xxx/CVE-2018-15247.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15247", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15247", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15585.json b/2018/15xxx/CVE-2018-15585.json index 5029a2a7597..fb7bc95cc67 100644 --- a/2018/15xxx/CVE-2018-15585.json +++ b/2018/15xxx/CVE-2018-15585.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15585", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15585", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20262.json b/2018/20xxx/CVE-2018-20262.json index 6e4aba1e8c2..ac0c7b89f61 100644 --- a/2018/20xxx/CVE-2018-20262.json +++ b/2018/20xxx/CVE-2018-20262.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20262", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20262", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20497.json b/2018/20xxx/CVE-2018-20497.json index b76dd795aaf..6253162898a 100644 --- a/2018/20xxx/CVE-2018-20497.json +++ b/2018/20xxx/CVE-2018-20497.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20497", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20497", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8200.json b/2018/8xxx/CVE-2018-8200.json index ee9b8d47a98..ff27d6edfea 100644 --- a/2018/8xxx/CVE-2018-8200.json +++ b/2018/8xxx/CVE-2018-8200.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200" - }, - { - "name" : "105007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105007" - }, - { - "name" : "1041459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105007" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200" + }, + { + "name": "1041459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041459" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8237.json b/2018/8xxx/CVE-2018-8237.json index f91fca1f5d9..0eb4e6c2a68 100644 --- a/2018/8xxx/CVE-2018-8237.json +++ b/2018/8xxx/CVE-2018-8237.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8237", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8237", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8314.json b/2018/8xxx/CVE-2018-8314.json index 428dde7d58e..b794309a219 100644 --- a/2018/8xxx/CVE-2018-8314.json +++ b/2018/8xxx/CVE-2018-8314.json @@ -1,169 +1,169 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314" - }, - { - "name" : "104652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104652" - }, - { - "name" : "1041263", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314" + }, + { + "name": "1041263", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041263" + }, + { + "name": "104652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104652" + } + ] + } +} \ No newline at end of file