From 1413bc8077407a87e7faf5216b3668948281d5dc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:31:14 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0013.json | 210 +++++++++---------- 2002/0xxx/CVE-2002-0142.json | 170 +++++++-------- 2002/0xxx/CVE-2002-0365.json | 34 +-- 2002/0xxx/CVE-2002-0474.json | 140 ++++++------- 2002/0xxx/CVE-2002-0964.json | 140 ++++++------- 2002/1xxx/CVE-2002-1114.json | 150 ++++++------- 2002/1xxx/CVE-2002-1228.json | 160 +++++++------- 2002/1xxx/CVE-2002-1501.json | 150 ++++++------- 2002/1xxx/CVE-2002-1570.json | 150 ++++++------- 2002/1xxx/CVE-2002-1841.json | 160 +++++++------- 2002/2xxx/CVE-2002-2336.json | 150 ++++++------- 2002/2xxx/CVE-2002-2363.json | 140 ++++++------- 2003/0xxx/CVE-2003-0136.json | 150 ++++++------- 2003/0xxx/CVE-2003-0408.json | 140 ++++++------- 2003/0xxx/CVE-2003-0491.json | 130 ++++++------ 2009/5xxx/CVE-2009-5055.json | 130 ++++++------ 2012/0xxx/CVE-2012-0408.json | 34 +-- 2012/0xxx/CVE-2012-0452.json | 220 +++++++++---------- 2012/1xxx/CVE-2012-1359.json | 34 +-- 2012/1xxx/CVE-2012-1388.json | 120 +++++------ 2012/3xxx/CVE-2012-3218.json | 130 ++++++------ 2012/3xxx/CVE-2012-3850.json | 34 +-- 2012/4xxx/CVE-2012-4016.json | 150 ++++++------- 2012/4xxx/CVE-2012-4019.json | 160 +++++++------- 2012/4xxx/CVE-2012-4114.json | 120 +++++------ 2012/4xxx/CVE-2012-4359.json | 150 ++++++------- 2012/4xxx/CVE-2012-4475.json | 150 ++++++------- 2012/4xxx/CVE-2012-4631.json | 34 +-- 2017/2xxx/CVE-2017-2042.json | 34 +-- 2017/2xxx/CVE-2017-2304.json | 152 +++++++------- 2017/2xxx/CVE-2017-2466.json | 200 +++++++++--------- 2017/2xxx/CVE-2017-2560.json | 34 +-- 2017/2xxx/CVE-2017-2620.json | 372 ++++++++++++++++----------------- 2017/2xxx/CVE-2017-2984.json | 160 +++++++------- 2017/2xxx/CVE-2017-2986.json | 170 +++++++-------- 2017/6xxx/CVE-2017-6316.json | 160 +++++++------- 2017/6xxx/CVE-2017-6844.json | 120 +++++------ 2017/7xxx/CVE-2017-7302.json | 130 ++++++------ 2017/7xxx/CVE-2017-7548.json | 204 +++++++++--------- 2018/10xxx/CVE-2018-10087.json | 190 ++++++++--------- 2018/10xxx/CVE-2018-10733.json | 140 ++++++------- 2018/10xxx/CVE-2018-10856.json | 160 +++++++------- 2018/14xxx/CVE-2018-14459.json | 120 +++++------ 2018/14xxx/CVE-2018-14512.json | 120 +++++------ 2018/14xxx/CVE-2018-14889.json | 120 +++++------ 2018/15xxx/CVE-2018-15493.json | 120 +++++------ 2018/20xxx/CVE-2018-20169.json | 160 +++++++------- 2018/20xxx/CVE-2018-20595.json | 130 ++++++------ 2018/20xxx/CVE-2018-20602.json | 120 +++++------ 2018/20xxx/CVE-2018-20768.json | 120 +++++------ 2018/9xxx/CVE-2018-9336.json | 160 +++++++------- 2018/9xxx/CVE-2018-9776.json | 34 +-- 2018/9xxx/CVE-2018-9955.json | 130 ++++++------ 53 files changed, 3600 insertions(+), 3600 deletions(-) diff --git a/2002/0xxx/CVE-2002-0013.json b/2002/0xxx/CVE-2002-0013.json index 0a4b6389602..ff8a7aa30fb 100644 --- a/2002/0xxx/CVE-2002-0013.json +++ b/2002/0xxx/CVE-2002-0013.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html" - }, - { - "name" : "CA-2002-03", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-03.html" - }, - { - "name" : "20020212 PROTOS Remote SNMP Attack Tool", - "refsource" : "ISS", - "url" : "http://www.iss.net/security_center/alerts/advise110.php" - }, - { - "name" : "VU#854306", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/854306" - }, - { - "name" : "RHSA-2001:163", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-163.html" - }, - { - "name" : "20020201-01-A", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A" - }, - { - "name" : "MS02-006", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006" - }, - { - "name" : "57404", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1" - }, - { - "name" : "oval:org.mitre.oval:def:87", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A87" - }, - { - "name" : "oval:org.mitre.oval:def:298", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:163", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-163.html" + }, + { + "name": "57404", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1" + }, + { + "name": "MS02-006", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006" + }, + { + "name": "oval:org.mitre.oval:def:87", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A87" + }, + { + "name": "20020201-01-A", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A" + }, + { + "name": "CA-2002-03", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-03.html" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html" + }, + { + "name": "oval:org.mitre.oval:def:298", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A298" + }, + { + "name": "VU#854306", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/854306" + }, + { + "name": "20020212 PROTOS Remote SNMP Attack Tool", + "refsource": "ISS", + "url": "http://www.iss.net/security_center/alerts/advise110.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0142.json b/2002/0xxx/CVE-2002-0142.json index bf0cf264180..c696384ba05 100644 --- a/2002/0xxx/CVE-2002-0142.json +++ b/2002/0xxx/CVE-2002-0142.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020114 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/250126" - }, - { - "name" : "20020121 Re: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101164598828093&w=2" - }, - { - "name" : "20020113 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=101102275316307&w=2" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753" - }, - { - "name" : "3866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3866" - }, - { - "name" : "pi3web-long-parameter-bo(7880)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7880.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753" + }, + { + "name": "20020114 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/250126" + }, + { + "name": "pi3web-long-parameter-bo(7880)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7880.php" + }, + { + "name": "20020121 Re: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101164598828093&w=2" + }, + { + "name": "20020113 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=101102275316307&w=2" + }, + { + "name": "3866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3866" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0365.json b/2002/0xxx/CVE-2002-0365.json index 1229e56f2c4..d3060404234 100644 --- a/2002/0xxx/CVE-2002-0365.json +++ b/2002/0xxx/CVE-2002-0365.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0474.json b/2002/0xxx/CVE-2002-0474.json index 0787bd59d7b..d2bc2e7771c 100644 --- a/2002/0xxx/CVE-2002-0474.json +++ b/2002/0xxx/CVE-2002-0474.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020329 Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/264897" - }, - { - "name" : "4394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4394" - }, - { - "name" : "zeroforum-img-css(8702)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8702.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zeroforum-img-css(8702)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8702.php" + }, + { + "name": "4394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4394" + }, + { + "name": "20020329 Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/264897" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0964.json b/2002/0xxx/CVE-2002-0964.json index 00de5ce69f1..f87cbbf7a37 100644 --- a/2002/0xxx/CVE-2002-0964.json +++ b/2002/0xxx/CVE-2002-0964.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020620 Half-life fake players bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html" - }, - { - "name" : "halflife-mulitple-player-dos(9412)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9412.php" - }, - { - "name" : "5076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "halflife-mulitple-player-dos(9412)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9412.php" + }, + { + "name": "5076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5076" + }, + { + "name": "20020620 Half-life fake players bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1114.json b/2002/1xxx/CVE-2002-1114.json index 137c9849950..d44a0f5a0be 100644 --- a/2002/1xxx/CVE-2002-1114.json +++ b/2002/1xxx/CVE-2002-1114.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102978711618648&w=2" - }, - { - "name" : "DSA-153", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-153" - }, - { - "name" : "mantis-configinc-var-include(9900)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9900.php" - }, - { - "name" : "5509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102978711618648&w=2" + }, + { + "name": "mantis-configinc-var-include(9900)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9900.php" + }, + { + "name": "DSA-153", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-153" + }, + { + "name": "5509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5509" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1228.json b/2002/1xxx/CVE-2002-1228.json index 5a6d50dc86f..47f696b4d49 100644 --- a/2002/1xxx/CVE-2002-1228.json +++ b/2002/1xxx/CVE-2002-1228.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "47815", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-47815-1" - }, - { - "name" : "20021017 NFS Denial of Service advisory from Sun", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103487058823193&w=2" - }, - { - "name" : "VU#855635", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/855635" - }, - { - "name" : "5986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5986" - }, - { - "name" : "solaris-nfs-lockd-dos(10394)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10394.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47815", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-47815-1" + }, + { + "name": "solaris-nfs-lockd-dos(10394)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10394.php" + }, + { + "name": "20021017 NFS Denial of Service advisory from Sun", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103487058823193&w=2" + }, + { + "name": "VU#855635", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/855635" + }, + { + "name": "5986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5986" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1501.json b/2002/1xxx/CVE-2002-1501.json index 3718da20c0a..a486ee04479 100644 --- a/2002/1xxx/CVE-2002-1501.json +++ b/2002/1xxx/CVE-2002-1501.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020913 Scan against Enterasys SSR8000 crash the system", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html" - }, - { - "name" : "http://www.enterasys.com/support/techtips/tk0659-9.html", - "refsource" : "MISC", - "url" : "http://www.enterasys.com/support/techtips/tk0659-9.html" - }, - { - "name" : "5703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5703" - }, - { - "name" : "smartswitch-portscan-dos(10096)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10096.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5703" + }, + { + "name": "20020913 Scan against Enterasys SSR8000 crash the system", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html" + }, + { + "name": "http://www.enterasys.com/support/techtips/tk0659-9.html", + "refsource": "MISC", + "url": "http://www.enterasys.com/support/techtips/tk0659-9.html" + }, + { + "name": "smartswitch-portscan-dos(10096)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10096.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1570.json b/2002/1xxx/CVE-2002-1570.json index ec8592071f9..df248cb6ffb 100644 --- a/2002/1xxx/CVE-2002-1570.json +++ b/2002/1xxx/CVE-2002-1570.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020103 Heap overflow in snmpnetstat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/248141" - }, - { - "name" : "CLA-2003:696", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000696" - }, - { - "name" : "3780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3780" - }, - { - "name" : "netsnmp-snmpnetstat-heap-overflow(7776)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020103 Heap overflow in snmpnetstat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/248141" + }, + { + "name": "CLA-2003:696", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000696" + }, + { + "name": "netsnmp-snmpnetstat-heap-overflow(7776)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7776" + }, + { + "name": "3780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3780" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1841.json b/2002/1xxx/CVE-2002-1841.json index 5a24fa29e72..192ae23a4f9 100644 --- a/2002/1xxx/CVE-2002-1841.json +++ b/2002/1xxx/CVE-2002-1841.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020702 Noguska Nola 1.1.1 [ Intranet Business Management Software ]", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/280340" - }, - { - "name" : "20020625 Noguska Nola 1.1.1 [ Intranet Business Management Software ]", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=102511114021370&w=2" - }, - { - "name" : "20020702 Re: Noguska Nola 1.1.1 [ Intranet Business Management Software ]", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=102520790718208&w=2" - }, - { - "name" : "5116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5116" - }, - { - "name" : "nola-php-script-upload(9438)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9438.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020625 Noguska Nola 1.1.1 [ Intranet Business Management Software ]", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=102511114021370&w=2" + }, + { + "name": "20020702 Re: Noguska Nola 1.1.1 [ Intranet Business Management Software ]", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=102520790718208&w=2" + }, + { + "name": "20020702 Noguska Nola 1.1.1 [ Intranet Business Management Software ]", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/280340" + }, + { + "name": "nola-php-script-upload(9438)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9438.php" + }, + { + "name": "5116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5116" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2336.json b/2002/2xxx/CVE-2002-2336.json index 9807a7c04fd..a80cf69a193 100644 --- a/2002/2xxx/CVE-2002-2336.json +++ b/2002/2xxx/CVE-2002-2336.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/294411" - }, - { - "name" : "20021008 Re: Multiple Vendor PC firewall remote denial of services Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0156.html" - }, - { - "name" : "5917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5917" - }, - { - "name" : "firewall-autoblock-spoofing-dos(10314)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10314.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021008 Re: Multiple Vendor PC firewall remote denial of services Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0156.html" + }, + { + "name": "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/294411" + }, + { + "name": "5917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5917" + }, + { + "name": "firewall-autoblock-spoofing-dos(10314)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10314.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2363.json b/2002/2xxx/CVE-2002-2363.json index 7824d833815..4eb63fe02c3 100644 --- a/2002/2xxx/CVE-2002-2363.json +++ b/2002/2xxx/CVE-2002-2363.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0208-214", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2002-q3/0064.html" - }, - { - "name" : "5583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5583" - }, - { - "name" : "hp-vje-gain-privileges(9993)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9993.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5583" + }, + { + "name": "hp-vje-gain-privileges(9993)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9993.php" + }, + { + "name": "HPSBUX0208-214", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2002-q3/0064.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0136.json b/2003/0xxx/CVE-2003-0136.json index b2fa120edfd..dfaf6921fc1 100644 --- a/2003/0xxx/CVE-2003-0136.json +++ b/2003/0xxx/CVE-2003-0136.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366" - }, - { - "name" : "DSA-285", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-285" - }, - { - "name" : "RHSA-2003:142", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-142.html" - }, - { - "name" : "oval:org.mitre.oval:def:423", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366" + }, + { + "name": "RHSA-2003:142", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-142.html" + }, + { + "name": "DSA-285", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-285" + }, + { + "name": "oval:org.mitre.oval:def:423", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A423" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0408.json b/2003/0xxx/CVE-2003-0408.json index 53de47f9912..ddd92321b38 100644 --- a/2003/0xxx/CVE-2003-0408.json +++ b/2003/0xxx/CVE-2003-0408.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030527 NuxAcid#002 - Buffer Overflow in UpClient", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105405629622652&w=2" - }, - { - "name" : "upclient-command-line-bo(12131)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/12131.php" - }, - { - "name" : "7703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "upclient-command-line-bo(12131)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/12131.php" + }, + { + "name": "7703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7703" + }, + { + "name": "20030527 NuxAcid#002 - Buffer Overflow in UpClient", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105405629622652&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0491.json b/2003/0xxx/CVE-2003-0491.json index 4de9d33ed56..920fe6d3503 100644 --- a/2003/0xxx/CVE-2003-0491.json +++ b/2003/0xxx/CVE-2003-0491.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030614 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=105577873506147&w=2" - }, - { - "name" : "20030616 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=vuln-dev&m=105577873506147&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030614 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=105577873506147&w=2" + }, + { + "name": "20030616 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=vuln-dev&m=105577873506147&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5055.json b/2009/5xxx/CVE-2009-5055.json index a06bc0c8c53..b8ca0a91851 100644 --- a/2009/5xxx/CVE-2009-5055.json +++ b/2009/5xxx/CVE-2009-5055.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.otrs.org/show_bug.cgi?id=4105", - "refsource" : "CONFIRM", - "url" : "http://bugs.otrs.org/show_bug.cgi?id=4105" - }, - { - "name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", - "refsource" : "CONFIRM", - "url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.otrs.org/show_bug.cgi?id=4105", + "refsource": "CONFIRM", + "url": "http://bugs.otrs.org/show_bug.cgi?id=4105" + }, + { + "name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", + "refsource": "CONFIRM", + "url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0408.json b/2012/0xxx/CVE-2012-0408.json index b02a110893f..720eee7f005 100644 --- a/2012/0xxx/CVE-2012-0408.json +++ b/2012/0xxx/CVE-2012-0408.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0408", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-0408", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0452.json b/2012/0xxx/CVE-2012-0452.json index 17aec20a1b0..c30377acbd8 100644 --- a/2012/0xxx/CVE-2012-0452.json +++ b/2012/0xxx/CVE-2012-0452.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-10.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=724284", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=724284" - }, - { - "name" : "MDVSA-2012:017", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:017" - }, - { - "name" : "MDVSA-2012:018", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:018" - }, - { - "name" : "SUSE-SU-2012:0261", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00013.html" - }, - { - "name" : "openSUSE-SU-2012:0258", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00012.html" - }, - { - "name" : "USN-1360-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1360-1" - }, - { - "name" : "51975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51975" - }, - { - "name" : "oval:org.mitre.oval:def:15017", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15017" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - }, - { - "name" : "48110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48110" + }, + { + "name": "SUSE-SU-2012:0261", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00013.html" + }, + { + "name": "MDVSA-2012:017", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:017" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=724284", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=724284" + }, + { + "name": "MDVSA-2012:018", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:018" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "openSUSE-SU-2012:0258", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00012.html" + }, + { + "name": "USN-1360-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1360-1" + }, + { + "name": "oval:org.mitre.oval:def:15017", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15017" + }, + { + "name": "51975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51975" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-10.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-10.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1359.json b/2012/1xxx/CVE-2012-1359.json index 49b90a006eb..2a19d3c2c9e 100644 --- a/2012/1xxx/CVE-2012-1359.json +++ b/2012/1xxx/CVE-2012-1359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1359", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1359", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1388.json b/2012/1xxx/CVE-2012-1388.json index 0ddbef92257..6b745bd184e 100644 --- a/2012/1xxx/CVE-2012-1388.json +++ b/2012/1xxx/CVE-2012-1388.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1388-vulnerability-in-XiXunTianTian.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1388-vulnerability-in-XiXunTianTian.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1388-vulnerability-in-XiXunTianTian.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1388-vulnerability-in-XiXunTianTian.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3218.json b/2012/3xxx/CVE-2012-3218.json index 6d0d067ea1b..1205bfea38d 100644 --- a/2012/3xxx/CVE-2012-3218.json +++ b/2012/3xxx/CVE-2012-3218.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security Groups." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security Groups." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3850.json b/2012/3xxx/CVE-2012-3850.json index 013be4a7bf7..41a08f6bd03 100644 --- a/2012/3xxx/CVE-2012-3850.json +++ b/2012/3xxx/CVE-2012-3850.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3850", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3850", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4016.json b/2012/4xxx/CVE-2012-4016.json index 74d490ba87e..36979a1a25b 100644 --- a/2012/4xxx/CVE-2012-4016.json +++ b/2012/4xxx/CVE-2012-4016.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-4016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#93344001", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN93344001/index.html" - }, - { - "name" : "JVNDB-2012-000089", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000089" - }, - { - "name" : "55728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55728" - }, - { - "name" : "85808", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55728" + }, + { + "name": "JVN#93344001", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN93344001/index.html" + }, + { + "name": "85808", + "refsource": "OSVDB", + "url": "http://osvdb.org/85808" + }, + { + "name": "JVNDB-2012-000089", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000089" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4019.json b/2012/4xxx/CVE-2012-4019.json index 100f34b5bef..30b2260ca7a 100644 --- a/2012/4xxx/CVE-2012-4019.json +++ b/2012/4xxx/CVE-2012-4019.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-4019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN00322303/995209/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN00322303/995209/index.html" - }, - { - "name" : "JVN#00322303", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN00322303/index.html" - }, - { - "name" : "JVNDB-2012-000093", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000093" - }, - { - "name" : "86722", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86722" - }, - { - "name" : "tokyobbs-tokyobbs-xss(79633)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#00322303", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN00322303/index.html" + }, + { + "name": "JVNDB-2012-000093", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000093" + }, + { + "name": "86722", + "refsource": "OSVDB", + "url": "http://osvdb.org/86722" + }, + { + "name": "tokyobbs-tokyobbs-xss(79633)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79633" + }, + { + "name": "http://jvn.jp/en/jp/JVN00322303/995209/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN00322303/995209/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4114.json b/2012/4xxx/CVE-2012-4114.json index 80228939554..bb56d9d7973 100644 --- a/2012/4xxx/CVE-2012-4114.json +++ b/2012/4xxx/CVE-2012-4114.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131017 Cisco Unified Computing System Fabric Interconnect Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131017 Cisco Unified Computing System Fabric Interconnect Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4114" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4359.json b/2012/4xxx/CVE-2012-4359.json index 0bef6459dcf..969462f26fd 100644 --- a/2012/4xxx/CVE-2012-4359.json +++ b/2012/4xxx/CVE-2012-4359.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.org/adv/winlog_2-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/winlog_2-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf" - }, - { - "name" : "http://www.sielcosistemi.com/en/news/index.html?id=70", - "refsource" : "CONFIRM", - "url" : "http://www.sielcosistemi.com/en/news/index.html?id=70" - }, - { - "name" : "49395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.org/adv/winlog_2-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/winlog_2-adv.txt" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf" + }, + { + "name": "49395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49395" + }, + { + "name": "http://www.sielcosistemi.com/en/news/index.html?id=70", + "refsource": "CONFIRM", + "url": "http://www.sielcosistemi.com/en/news/index.html?id=70" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4475.json b/2012/4xxx/CVE-2012-4475.json index 70d528a5998..e29e73dbfda 100644 --- a/2012/4xxx/CVE-2012-4475.json +++ b/2012/4xxx/CVE-2012-4475.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/3" - }, - { - "name" : "http://drupal.org/node/1679532", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1679532" - }, - { - "name" : "http://drupal.org/node/1648200", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1648200" - }, - { - "name" : "http://drupal.org/node/1648204", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1648204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1648204", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1648204" + }, + { + "name": "http://drupal.org/node/1679532", + "refsource": "MISC", + "url": "http://drupal.org/node/1679532" + }, + { + "name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3" + }, + { + "name": "http://drupal.org/node/1648200", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1648200" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4631.json b/2012/4xxx/CVE-2012-4631.json index 155bff51b47..c89c762a650 100644 --- a/2012/4xxx/CVE-2012-4631.json +++ b/2012/4xxx/CVE-2012-4631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2042.json b/2017/2xxx/CVE-2017-2042.json index 68a0f793c39..47734800803 100644 --- a/2017/2xxx/CVE-2017-2042.json +++ b/2017/2xxx/CVE-2017-2042.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2042", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2042", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2304.json b/2017/2xxx/CVE-2017-2304.json index 6f21545666e..4a428a9d9a7 100644 --- a/2017/2xxx/CVE-2017-2304.json +++ b/2017/2xxx/CVE-2017-2304.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices", - "version" : { - "version_data" : [ - { - "version_value" : "14.1X53 prior to 14.1X53-D40" - }, - { - "version_value" : "15.1X53 prior to 15.1X53-D40" - }, - { - "version_value" : "15.1 prior to 15.1R2" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leak" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices", + "version": { + "version_data": [ + { + "version_value": "14.1X53 prior to 14.1X53-D40" + }, + { + "version_value": "15.1X53 prior to 15.1X53-D40" + }, + { + "version_value": "15.1 prior to 15.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10773", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10773" - }, - { - "name" : "95403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95403" - }, - { - "name" : "1037593", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037593", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037593" + }, + { + "name": "95403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95403" + }, + { + "name": "https://kb.juniper.net/JSA10773", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10773" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2466.json b/2017/2xxx/CVE-2017-2466.json index 2a1d68c0c20..5e35251e3e5 100644 --- a/2017/2xxx/CVE-2017-2466.json +++ b/2017/2xxx/CVE-2017-2466.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41812", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41812/" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1097", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1097" - }, - { - "name" : "https://twitter.com/ifsecure/status/849292853792657413", - "refsource" : "MISC", - "url" : "https://twitter.com/ifsecure/status/849292853792657413" - }, - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "97130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97130" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1097", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1097" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "97130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97130" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://twitter.com/ifsecure/status/849292853792657413", + "refsource": "MISC", + "url": "https://twitter.com/ifsecure/status/849292853792657413" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "41812", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41812/" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2560.json b/2017/2xxx/CVE-2017-2560.json index 9c387af75f4..b34a3bae81e 100644 --- a/2017/2xxx/CVE-2017-2560.json +++ b/2017/2xxx/CVE-2017-2560.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2560", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2560", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2620.json b/2017/2xxx/CVE-2017-2620.json index 9af7de7682b..6581d50482b 100644 --- a/2017/2xxx/CVE-2017-2620.json +++ b/2017/2xxx/CVE-2017-2620.json @@ -1,188 +1,188 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Qemu:", - "version" : { - "version_data" : [ - { - "version_value" : "2.8" - } - ] - } - } - ] - }, - "vendor_name" : "QEMU" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Qemu:", + "version": { + "version_data": [ + { + "version_value": "2.8" + } + ] + } + } + ] + }, + "vendor_name": "QEMU" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/21/1" - }, - { - "name" : "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html" - }, - { - "name" : "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620" - }, - { - "name" : "https://xenbits.xen.org/xsa/advisory-209.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-209.html" - }, - { - "name" : "https://support.citrix.com/article/CTX220771", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX220771" - }, - { - "name" : "GLSA-201703-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201703-07" - }, - { - "name" : "GLSA-201704-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-01" - }, - { - "name" : "RHSA-2017:0328", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0328.html" - }, - { - "name" : "RHSA-2017:0329", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0329.html" - }, - { - "name" : "RHSA-2017:0330", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0330.html" - }, - { - "name" : "RHSA-2017:0331", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0331.html" - }, - { - "name" : "RHSA-2017:0332", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0332.html" - }, - { - "name" : "RHSA-2017:0333", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0333.html" - }, - { - "name" : "RHSA-2017:0334", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0334.html" - }, - { - "name" : "RHSA-2017:0350", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0350.html" - }, - { - "name" : "RHSA-2017:0351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0351.html" - }, - { - "name" : "RHSA-2017:0352", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0352.html" - }, - { - "name" : "RHSA-2017:0396", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0396.html" - }, - { - "name" : "RHSA-2017:0454", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0454.html" - }, - { - "name" : "96378", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96378" - }, - { - "name" : "1037870", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0329", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html" + }, + { + "name": "RHSA-2017:0334", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html" + }, + { + "name": "1037870", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037870" + }, + { + "name": "RHSA-2017:0328", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html" + }, + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "RHSA-2017:0333", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html" + }, + { + "name": "RHSA-2017:0351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html" + }, + { + "name": "RHSA-2017:0454", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-209.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-209.html" + }, + { + "name": "RHSA-2017:0331", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620" + }, + { + "name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1" + }, + { + "name": "RHSA-2017:0350", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html" + }, + { + "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html" + }, + { + "name": "RHSA-2017:0396", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html" + }, + { + "name": "GLSA-201704-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-01" + }, + { + "name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html" + }, + { + "name": "RHSA-2017:0352", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html" + }, + { + "name": "RHSA-2017:0330", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html" + }, + { + "name": "RHSA-2017:0332", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html" + }, + { + "name": "96378", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96378" + }, + { + "name": "https://support.citrix.com/article/CTX220771", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX220771" + }, + { + "name": "GLSA-201703-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201703-07" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2984.json b/2017/2xxx/CVE-2017-2984.json index 4f415afff34..a3245725a28 100644 --- a/2017/2xxx/CVE-2017-2984.json +++ b/2017/2xxx/CVE-2017-2984.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 24.0.0.194 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 24.0.0.194 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 24.0.0.194 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 24.0.0.194 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" - }, - { - "name" : "GLSA-201702-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-20" - }, - { - "name" : "RHSA-2017:0275", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0275.html" - }, - { - "name" : "96193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96193" - }, - { - "name" : "1037815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-20" + }, + { + "name": "RHSA-2017:0275", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" + }, + { + "name": "96193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96193" + }, + { + "name": "1037815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037815" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2986.json b/2017/2xxx/CVE-2017-2986.json index 008a877901d..eff9f8662e5 100644 --- a/2017/2xxx/CVE-2017-2986.json +++ b/2017/2xxx/CVE-2017-2986.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 24.0.0.194 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 24.0.0.194 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 24.0.0.194 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 24.0.0.194 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41423", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41423/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" - }, - { - "name" : "GLSA-201702-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-20" - }, - { - "name" : "RHSA-2017:0275", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0275.html" - }, - { - "name" : "96193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96193" - }, - { - "name" : "1037815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-20" + }, + { + "name": "RHSA-2017:0275", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" + }, + { + "name": "96193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96193" + }, + { + "name": "1037815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037815" + }, + { + "name": "41423", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41423/" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6316.json b/2017/6xxx/CVE-2017-6316.json index 09b497a5957..1cfef66e979 100644 --- a/2017/6xxx/CVE-2017-6316.json +++ b/2017/6xxx/CVE-2017-6316.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42345", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42345/" - }, - { - "name" : "42346", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42346/" - }, - { - "name" : "https://support.citrix.com/article/CTX225990", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX225990" - }, - { - "name" : "99943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99943" - }, - { - "name" : "1039019", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039019", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039019" + }, + { + "name": "https://support.citrix.com/article/CTX225990", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX225990" + }, + { + "name": "42345", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42345/" + }, + { + "name": "99943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99943" + }, + { + "name": "42346", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42346/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6844.json b/2017/6xxx/CVE-2017-6844.json index 33b47ce9ef3..a3e757b14ec 100644 --- a/2017/6xxx/CVE-2017-6844.json +++ b/2017/6xxx/CVE-2017-6844.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7302.json b/2017/7xxx/CVE-2017-7302.json index 5003e0952fd..8cb7c193e32 100644 --- a/2017/7xxx/CVE-2017-7302.json +++ b/2017/7xxx/CVE-2017-7302.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20921", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" - }, - { - "name" : "97216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20921", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" + }, + { + "name": "97216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97216" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7548.json b/2017/7xxx/CVE-2017-7548.json index c809e1c866d..357ed5d2678 100644 --- a/2017/7xxx/CVE-2017-7548.json +++ b/2017/7xxx/CVE-2017-7548.json @@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-08-10T00:00:00", - "ID" : "CVE-2017-7548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "postgresql", - "version" : { - "version_data" : [ - { - "version_value" : "9.4.x before 9.4.13" - }, - { - "version_value" : "9.5.x before 9.5.8" - }, - { - "version_value" : "9.6.x before 9.6.4" - } - ] - } - } - ] - }, - "vendor_name" : "PostgreSQL" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-862" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-08-10T00:00:00", + "ID": "CVE-2017-7548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postgresql", + "version": { + "version_data": [ + { + "version_value": "9.4.x before 9.4.13" + }, + { + "version_value": "9.5.x before 9.5.8" + }, + { + "version_value": "9.6.x before 9.6.4" + } + ] + } + } + ] + }, + "vendor_name": "PostgreSQL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.postgresql.org/about/news/1772/", - "refsource" : "CONFIRM", - "url" : "https://www.postgresql.org/about/news/1772/" - }, - { - "name" : "DSA-3936", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3936" - }, - { - "name" : "DSA-3935", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3935" - }, - { - "name" : "GLSA-201710-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-06" - }, - { - "name" : "RHSA-2017:2677", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2677" - }, - { - "name" : "RHSA-2017:2678", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2678" - }, - { - "name" : "100276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100276" - }, - { - "name" : "1039142", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3936", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3936" + }, + { + "name": "RHSA-2017:2678", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2678" + }, + { + "name": "DSA-3935", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3935" + }, + { + "name": "1039142", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039142" + }, + { + "name": "https://www.postgresql.org/about/news/1772/", + "refsource": "CONFIRM", + "url": "https://www.postgresql.org/about/news/1772/" + }, + { + "name": "100276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100276" + }, + { + "name": "GLSA-201710-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-06" + }, + { + "name": "RHSA-2017:2677", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2677" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10087.json b/2018/10xxx/CVE-2018-10087.json index f0e7a389f93..3fccf1181c7 100644 --- a/2018/10xxx/CVE-2018-10087.json +++ b/2018/10xxx/CVE-2018-10087.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4" - }, - { - "name" : "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4" - }, - { - "name" : "https://news.ycombinator.com/item?id=2972021", - "refsource" : "MISC", - "url" : "https://news.ycombinator.com/item?id=2972021" - }, - { - "name" : "USN-3696-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3696-1/" - }, - { - "name" : "USN-3696-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3696-2/" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "103774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3696-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3696-1/" + }, + { + "name": "https://news.ycombinator.com/item?id=2972021", + "refsource": "MISC", + "url": "https://news.ycombinator.com/item?id=2972021" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4" + }, + { + "name": "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4" + }, + { + "name": "USN-3696-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3696-2/" + }, + { + "name": "103774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103774" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10733.json b/2018/10xxx/CVE-2018-10733.json index d970d7134c5..33450a3c2a3 100644 --- a/2018/10xxx/CVE-2018-10733.json +++ b/2018/10xxx/CVE-2018-10733.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1574844", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1574844" - }, - { - "name" : "RHSA-2018:3140", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3140" - }, - { - "name" : "RHSA-2018:3505", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3505", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3505" + }, + { + "name": "RHSA-2018:3140", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3140" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1574844", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574844" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10856.json b/2018/10xxx/CVE-2018-10856.json index 23766b9f50e..fe414baee5a 100644 --- a/2018/10xxx/CVE-2018-10856.json +++ b/2018/10xxx/CVE-2018-10856.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "podman", - "version" : { - "version_data" : [ - { - "version_value" : "podman 0.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-250" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "podman", + "version": { + "version_data": [ + { + "version_value": "podman 0.6.1" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856" - }, - { - "name" : "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24", - "refsource" : "CONFIRM", - "url" : "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24" - }, - { - "name" : "RHSA-2018:2037", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856" + }, + { + "name": "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24", + "refsource": "CONFIRM", + "url": "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24" + }, + { + "name": "RHSA-2018:2037", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2037" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14459.json b/2018/14xxx/CVE-2018-14459.json index 5794b30808b..20c77d5ddfa 100644 --- a/2018/14xxx/CVE-2018-14459.json +++ b/2018/14xxx/CVE-2018-14459.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14512.json b/2018/14xxx/CVE-2018-14512.json index 2ed274cfa8b..4abd933848a 100644 --- a/2018/14xxx/CVE-2018-14512.json +++ b/2018/14xxx/CVE-2018-14512.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the \"system settings - mail server\" screen, the XSS payload is triggered." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wuzhicms/wuzhicms/issues/143", - "refsource" : "MISC", - "url" : "https://github.com/wuzhicms/wuzhicms/issues/143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the \"system settings - mail server\" screen, the XSS payload is triggered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wuzhicms/wuzhicms/issues/143", + "refsource": "MISC", + "url": "https://github.com/wuzhicms/wuzhicms/issues/143" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14889.json b/2018/14xxx/CVE-2018-14889.json index 54557300db1..d8baf40d13d 100644 --- a/2018/14xxx/CVE-2018-14889.json +++ b/2018/14xxx/CVE-2018-14889.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://vectra.ai/security-advisories", - "refsource" : "CONFIRM", - "url" : "https://vectra.ai/security-advisories" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://vectra.ai/security-advisories", + "refsource": "CONFIRM", + "url": "https://vectra.ai/security-advisories" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15493.json b/2018/15xxx/CVE-2018-15493.json index a370c230db1..a2ff85d33c4 100644 --- a/2018/15xxx/CVE-2018-15493.json +++ b/2018/15xxx/CVE-2018-15493.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vBulletin 5.4.3 has an Open Redirect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-017.txt", - "refsource" : "MISC", - "url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-017.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vBulletin 5.4.3 has an Open Redirect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-017.txt", + "refsource": "MISC", + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-017.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20169.json b/2018/20xxx/CVE-2018-20169.json index 0187b873cc0..339139bfe76 100644 --- a/2018/20xxx/CVE-2018-20169.json +++ b/2018/20xxx/CVE-2018-20169.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf" - }, - { - "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9", - "refsource" : "MISC", - "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9" - }, - { - "name" : "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf" - }, - { - "name" : "USN-3879-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3879-1/" - }, - { - "name" : "USN-3879-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3879-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3879-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3879-2/" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf" + }, + { + "name": "USN-3879-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3879-1/" + }, + { + "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9", + "refsource": "MISC", + "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9" + }, + { + "name": "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20595.json b/2018/20xxx/CVE-2018-20595.json index c763e2ad1b4..c11322f2d2f 100644 --- a/2018/20xxx/CVE-2018-20595.json +++ b/2018/20xxx/CVE-2018-20595.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2", - "refsource" : "MISC", - "url" : "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2" - }, - { - "name" : "https://github.com/hs-web/hsweb-framework/issues/107", - "refsource" : "MISC", - "url" : "https://github.com/hs-web/hsweb-framework/issues/107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2", + "refsource": "MISC", + "url": "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2" + }, + { + "name": "https://github.com/hs-web/hsweb-framework/issues/107", + "refsource": "MISC", + "url": "https://github.com/hs-web/hsweb-framework/issues/107" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20602.json b/2018/20xxx/CVE-2018-20602.json index 063e5671def..8f78f39a29e 100644 --- a/2018/20xxx/CVE-2018-20602.json +++ b/2018/20xxx/CVE-2018-20602.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#information_disclosure", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#information_disclosure" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#information_disclosure", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#information_disclosure" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20768.json b/2018/20xxx/CVE-2018-20768.json index 5e3d6f0faae..7bf7f9455f4 100644 --- a/2018/20xxx/CVE-2018-20768.json +++ b/2018/20xxx/CVE-2018-20768.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf", + "refsource": "CONFIRM", + "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9336.json b/2018/9xxx/CVE-2018-9336.json index 55c63d89ed5..aaa7c5f3ae6 100644 --- a/2018/9xxx/CVE-2018-9336.json +++ b/2018/9xxx/CVE-2018-9336.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-09", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-09" - }, - { - "name" : "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24", - "refsource" : "CONFIRM", - "url" : "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24" - }, - { - "name" : "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b", - "refsource" : "CONFIRM", - "url" : "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b" - }, - { - "name" : "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6", - "refsource" : "CONFIRM", - "url" : "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6" - }, - { - "name" : "SSA:2018-116-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6", + "refsource": "CONFIRM", + "url": "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6" + }, + { + "name": "SSA:2018-116-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761" + }, + { + "name": "https://www.tenable.com/security/research/tra-2018-09", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-09" + }, + { + "name": "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b", + "refsource": "CONFIRM", + "url": "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b" + }, + { + "name": "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24", + "refsource": "CONFIRM", + "url": "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9776.json b/2018/9xxx/CVE-2018-9776.json index bc02db6a01b..a7bd3f34406 100644 --- a/2018/9xxx/CVE-2018-9776.json +++ b/2018/9xxx/CVE-2018-9776.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9776", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9776", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9955.json b/2018/9xxx/CVE-2018-9955.json index 8ea78f136d5..a21a02fdea9 100644 --- a/2018/9xxx/CVE-2018-9955.json +++ b/2018/9xxx/CVE-2018-9955.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-339", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-339" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-339", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-339" + } + ] + } +} \ No newline at end of file