diff --git a/2002/0xxx/CVE-2002-0449.json b/2002/0xxx/CVE-2002-0449.json index 442a15cfab7..4cb23c5bf8e 100644 --- a/2002/0xxx/CVE-2002-0449.json +++ b/2002/0xxx/CVE-2002-0449.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020305 Buffer Overrun in Talentsoft's Web+ (#NISR01032002A)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101535141925150&w=2" - }, - { - "name" : "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943", - "refsource" : "CONFIRM", - "url" : "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943" - }, - { - "name" : "VU#159907", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/159907" - }, - { - "name" : "4233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4233" - }, - { - "name" : "webplus-webpsvc-bo(8361)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8361.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#159907", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/159907" + }, + { + "name": "4233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4233" + }, + { + "name": "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943", + "refsource": "CONFIRM", + "url": "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943" + }, + { + "name": "webplus-webpsvc-bo(8361)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8361.php" + }, + { + "name": "20020305 Buffer Overrun in Talentsoft's Web+ (#NISR01032002A)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101535141925150&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0522.json b/2002/0xxx/CVE-2002-0522.json index 54573eb4569..0e8a5dff2d5 100644 --- a/2002/0xxx/CVE-2002-0522.json +++ b/2002/0xxx/CVE-2002-0522.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the \"pseudo\" cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020409 Security holes in ASP-Nuke", - "refsource" : "VULN-DEV", - "url" : "http://online.securityfocus.com/archive/82/266705" - }, - { - "name" : "http://www.asp-nuke.com/news.asp?date=20020412&cat=11", - "refsource" : "CONFIRM", - "url" : "http://www.asp-nuke.com/news.asp?date=20020412&cat=11" - }, - { - "name" : "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt", - "refsource" : "MISC", - "url" : "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt" - }, - { - "name" : "aspnuke-account-hijacking(8832)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8832.php" - }, - { - "name" : "4484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the \"pseudo\" cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspnuke-account-hijacking(8832)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8832.php" + }, + { + "name": "20020409 Security holes in ASP-Nuke", + "refsource": "VULN-DEV", + "url": "http://online.securityfocus.com/archive/82/266705" + }, + { + "name": "http://www.asp-nuke.com/news.asp?date=20020412&cat=11", + "refsource": "CONFIRM", + "url": "http://www.asp-nuke.com/news.asp?date=20020412&cat=11" + }, + { + "name": "4484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4484" + }, + { + "name": "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt", + "refsource": "MISC", + "url": "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0554.json b/2002/0xxx/CVE-2002-0554.json index b9f4baad5ce..abaee2e26a6 100644 --- a/2002/0xxx/CVE-2002-0554.json +++ b/2002/0xxx/CVE-2002-0554.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020411 IBM Informix Web DataBlade: SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0135.html" - }, - { - "name" : "4496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4496" - }, - { - "name" : "informix-wdm-sql-injection(8826)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8826.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4496" + }, + { + "name": "20020411 IBM Informix Web DataBlade: SQL injection", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0135.html" + }, + { + "name": "informix-wdm-sql-injection(8826)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8826.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1330.json b/2002/1xxx/CVE-2002-1330.json index 254fe20b60d..40437639b11 100644 --- a/2002/1xxx/CVE-2002-1330.json +++ b/2002/1xxx/CVE-2002-1330.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1330", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1330", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1365.json b/2002/1xxx/CVE-2002-1365.json index f5c40dde017..f80ee58c80c 100644 --- a/2002/1xxx/CVE-2002-1365.json +++ b/2002/1xxx/CVE-2002-1365.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the \"@\" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103979751818638&w=2" - }, - { - "name" : "http://security.e-matters.de/advisories/052002.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/052002.html" - }, - { - "name" : "20021215 GLSA: fetchmail", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104004858802000&w=2" - }, - { - "name" : "CSSA-2003-001.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-001.0.txt" - }, - { - "name" : "CLA-2002:554", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554" - }, - { - "name" : "DSA-216", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-216" - }, - { - "name" : "MDKSA-2003:011", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011" - }, - { - "name" : "RHSA-2002:293", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-293.html" - }, - { - "name" : "RHSA-2002:294", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-294.html" - }, - { - "name" : "RHSA-2003:155", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-155.html" - }, - { - "name" : "6390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6390" - }, - { - "name" : "fetchmail-address-header-bo(10839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the \"@\" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6390" + }, + { + "name": "MDKSA-2003:011", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011" + }, + { + "name": "20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103979751818638&w=2" + }, + { + "name": "20021215 GLSA: fetchmail", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104004858802000&w=2" + }, + { + "name": "DSA-216", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-216" + }, + { + "name": "fetchmail-address-header-bo(10839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10839" + }, + { + "name": "RHSA-2002:293", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-293.html" + }, + { + "name": "CLA-2002:554", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554" + }, + { + "name": "RHSA-2002:294", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-294.html" + }, + { + "name": "RHSA-2003:155", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-155.html" + }, + { + "name": "CSSA-2003-001.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-001.0.txt" + }, + { + "name": "http://security.e-matters.de/advisories/052002.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/052002.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1595.json b/2002/1xxx/CVE-2002-1595.json index f87fd670f3b..101262d7da6 100644 --- a/2002/1xxx/CVE-2002-1595.json +++ b/2002/1xxx/CVE-2002-1595.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020109 Multiple Vulnerabilities in Cisco SN 5420 Storage Routers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml" - }, - { - "name" : "VU#833459", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/833459" - }, - { - "name" : "3832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3832" - }, - { - "name" : "cisco-sn-view-configuration(7828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-sn-view-configuration(7828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7828" + }, + { + "name": "3832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3832" + }, + { + "name": "20020109 Multiple Vulnerabilities in Cisco SN 5420 Storage Routers", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml" + }, + { + "name": "VU#833459", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/833459" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2017.json b/2002/2xxx/CVE-2002-2017.json index 91e9116f4f8..2814059fc30 100644 --- a/2002/2xxx/CVE-2002-2017.json +++ b/2002/2xxx/CVE-2002-2017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020130 sastcpd 8.0 'authprog' local root vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/253183" - }, - { - "name" : "3994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3994" - }, - { - "name" : "sas-sastcpd-authprog-env(8024)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8024.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3994" + }, + { + "name": "sas-sastcpd-authprog-env(8024)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8024.php" + }, + { + "name": "20020130 sastcpd 8.0 'authprog' local root vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/253183" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2070.json b/2002/2xxx/CVE-2002-2070.json index 234e1aea67e..acf8886538c 100644 --- a/2002/2xxx/CVE-2002-2070.json +++ b/2002/2xxx/CVE-2002-2070.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/251565" - }, - { - "name" : "http://www.seifried.org/security/advisories/kssa-003.html", - "refsource" : "MISC", - "url" : "http://www.seifried.org/security/advisories/kssa-003.html" - }, - { - "name" : "M-034", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-034.shtml" - }, - { - "name" : "3912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3912" - }, - { - "name" : "ntfs-ads-file-wipe(7953)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7953.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3912" + }, + { + "name": "http://www.seifried.org/security/advisories/kssa-003.html", + "refsource": "MISC", + "url": "http://www.seifried.org/security/advisories/kssa-003.html" + }, + { + "name": "ntfs-ads-file-wipe(7953)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7953.php" + }, + { + "name": "M-034", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-034.shtml" + }, + { + "name": "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/251565" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0499.json b/2003/0xxx/CVE-2003-0499.json index 38f96423ff6..db29b8905b8 100644 --- a/2003/0xxx/CVE-2003-0499.json +++ b/2003/0xxx/CVE-2003-0499.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-335", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2003/dsa-335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-335", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2003/dsa-335" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0992.json b/2003/0xxx/CVE-2003-0992.json index e0201627f58..6f96947ae78 100644 --- a/2003/0xxx/CVE-2003-0992.json +++ b/2003/0xxx/CVE-2003-0992.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html", - "refsource" : "CONFIRM", - "url" : "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html" - }, - { - "name" : "CLA-2004:842", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842" - }, - { - "name" : "RHSA-2004:020", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-020.html" - }, - { - "name" : "MDKSA-2004:013", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" - }, - { - "name" : "oval:org.mitre.oval:def:815", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:020", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" + }, + { + "name": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html", + "refsource": "CONFIRM", + "url": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html" + }, + { + "name": "MDKSA-2004:013", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" + }, + { + "name": "oval:org.mitre.oval:def:815", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815" + }, + { + "name": "CLA-2004:842", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1311.json b/2005/1xxx/CVE-2005-1311.json index 8d964297530..fc8740abe2c 100644 --- a/2005/1xxx/CVE-2005-1311.json +++ b/2005/1xxx/CVE-2005-1311.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=323206", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=323206" - }, - { - "name" : "13372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13372" - }, - { - "name" : "15828", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15828" - }, - { - "name" : "15107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15107" + }, + { + "name": "13372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13372" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=323206", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=323206" + }, + { + "name": "15828", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15828" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1838.json b/2009/1xxx/CVE-2009-1838.json index 872064d86c0..0114288d431 100644 --- a/2009/1xxx/CVE-2009-1838.json +++ b/2009/1xxx/CVE-2009-1838.json @@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-29.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489131", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489131" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503580", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503580" - }, - { - "name" : "DSA-1820", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1820" - }, - { - "name" : "DSA-1830", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1830" - }, - { - "name" : "FEDORA-2009-6366", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html" - }, - { - "name" : "FEDORA-2009-6411", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html" - }, - { - "name" : "FEDORA-2009-7567", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html" - }, - { - "name" : "FEDORA-2009-7614", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html" - }, - { - "name" : "MDVSA-2009:141", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" - }, - { - "name" : "RHSA-2009:1095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html" - }, - { - "name" : "RHSA-2009:1096", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-1096.html" - }, - { - "name" : "RHSA-2009:1125", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1125.html" - }, - { - "name" : "RHSA-2009:1126", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1126.html" - }, - { - "name" : "SSA:2009-167-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468" - }, - { - "name" : "SSA:2009-176-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408" - }, - { - "name" : "SSA:2009-178-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275" - }, - { - "name" : "264308", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" - }, - { - "name" : "USN-782-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-782-1" - }, - { - "name" : "35326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35326" - }, - { - "name" : "35383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35383" - }, - { - "name" : "55157", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55157" - }, - { - "name" : "oval:org.mitre.oval:def:11080", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080" - }, - { - "name" : "1022397", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022397" - }, - { - "name" : "35331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35331" - }, - { - "name" : "35428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35428" - }, - { - "name" : "35431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35431" - }, - { - "name" : "35439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35439" - }, - { - "name" : "35440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35440" - }, - { - "name" : "35468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35468" - }, - { - "name" : "35536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35536" - }, - { - "name" : "35415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35415" - }, - { - "name" : "35561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35561" - }, - { - "name" : "35602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35602" - }, - { - "name" : "35882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35882" - }, - { - "name" : "ADV-2009-1572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=489131", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=489131" + }, + { + "name": "ADV-2009-1572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1572" + }, + { + "name": "RHSA-2009:1096", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-1096.html" + }, + { + "name": "oval:org.mitre.oval:def:11080", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080" + }, + { + "name": "SSA:2009-178-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275" + }, + { + "name": "DSA-1830", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1830" + }, + { + "name": "35536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35536" + }, + { + "name": "35602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35602" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-29.html" + }, + { + "name": "RHSA-2009:1125", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html" + }, + { + "name": "FEDORA-2009-7614", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html" + }, + { + "name": "35326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35326" + }, + { + "name": "35440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35440" + }, + { + "name": "FEDORA-2009-6411", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html" + }, + { + "name": "USN-782-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-782-1" + }, + { + "name": "35428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35428" + }, + { + "name": "35431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35431" + }, + { + "name": "FEDORA-2009-7567", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html" + }, + { + "name": "35331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35331" + }, + { + "name": "35468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35468" + }, + { + "name": "35439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35439" + }, + { + "name": "35882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35882" + }, + { + "name": "FEDORA-2009-6366", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html" + }, + { + "name": "MDVSA-2009:141", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" + }, + { + "name": "35415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35415" + }, + { + "name": "RHSA-2009:1095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html" + }, + { + "name": "35383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35383" + }, + { + "name": "SSA:2009-167-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468" + }, + { + "name": "55157", + "refsource": "OSVDB", + "url": "http://osvdb.org/55157" + }, + { + "name": "35561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35561" + }, + { + "name": "SSA:2009-176-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=503580", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580" + }, + { + "name": "DSA-1820", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1820" + }, + { + "name": "RHSA-2009:1126", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html" + }, + { + "name": "264308", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" + }, + { + "name": "1022397", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022397" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1878.json b/2009/1xxx/CVE-2009-1878.json index 94c94bbf656..bc471525533 100644 --- a/2009/1xxx/CVE-2009-1878.json +++ b/2009/1xxx/CVE-2009-1878.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-12.html" - }, - { - "name" : "57191", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" + }, + { + "name": "57191", + "refsource": "OSVDB", + "url": "http://osvdb.org/57191" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0092.json b/2012/0xxx/CVE-2012-0092.json index 45b3c15c99b..506cb8ce79c 100644 --- a/2012/0xxx/CVE-2012-0092.json +++ b/2012/0xxx/CVE-2012-0092.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0157.json b/2012/0xxx/CVE-2012-0157.json index 93213923d1c..f5fdbd321f8 100644 --- a/2012/0xxx/CVE-2012-0157.json +++ b/2012/0xxx/CVE-2012-0157.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka \"PostMessage Function Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-018" - }, - { - "name" : "TA12-073A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-073A.html" - }, - { - "name" : "80002", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80002" - }, - { - "name" : "oval:org.mitre.oval:def:14217", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka \"PostMessage Function Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-073A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html" + }, + { + "name": "MS12-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-018" + }, + { + "name": "oval:org.mitre.oval:def:14217", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14217" + }, + { + "name": "80002", + "refsource": "OSVDB", + "url": "http://osvdb.org/80002" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0208.json b/2012/0xxx/CVE-2012-0208.json index 8d3b826f260..759963388b5 100644 --- a/2012/0xxx/CVE-2012-0208.json +++ b/2012/0xxx/CVE-2012-0208.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2012-0208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "DSA-2472", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2472" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026950" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "DSA-2472", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2472" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0519.json b/2012/0xxx/CVE-2012-0519.json index a010ef3d9b0..4273fae2efe 100644 --- a/2012/0xxx/CVE-2012-0519.json +++ b/2012/0xxx/CVE-2012-0519.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53072" - }, - { - "name" : "1026929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026929" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "53072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53072" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0760.json b/2012/0xxx/CVE-2012-0760.json index 30a1baaa4de..8f8755ca481 100644 --- a/2012/0xxx/CVE-2012-0760.json +++ b/2012/0xxx/CVE-2012-0760.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0938.json b/2012/0xxx/CVE-2012-0938.json index 415023e5e9d..cf2c0295ccc 100644 --- a/2012/0xxx/CVE-2012-0938.json +++ b/2012/0xxx/CVE-2012-0938.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120220 SQL Injection Vulnerabilities in TestLink", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0104.html" - }, - { - "name" : "52086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52086" - }, - { - "name" : "79450", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79450" - }, - { - "name" : "79451", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79451" - }, - { - "name" : "79452", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79452" - }, - { - "name" : "79453", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79453" - }, - { - "name" : "79454", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79454" - }, - { - "name" : "48054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48054" - }, - { - "name" : "testlink-multiple-scripts-sql-injection(73327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "79451", + "refsource": "OSVDB", + "url": "http://osvdb.org/79451" + }, + { + "name": "79453", + "refsource": "OSVDB", + "url": "http://osvdb.org/79453" + }, + { + "name": "20120220 SQL Injection Vulnerabilities in TestLink", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0104.html" + }, + { + "name": "48054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48054" + }, + { + "name": "79454", + "refsource": "OSVDB", + "url": "http://osvdb.org/79454" + }, + { + "name": "79452", + "refsource": "OSVDB", + "url": "http://osvdb.org/79452" + }, + { + "name": "testlink-multiple-scripts-sql-injection(73327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73327" + }, + { + "name": "79450", + "refsource": "OSVDB", + "url": "http://osvdb.org/79450" + }, + { + "name": "52086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52086" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0973.json b/2012/0xxx/CVE-2012-0973.json index 5e67d34e23b..5dcfa8d7457 100644 --- a/2012/0xxx/CVE-2012-0973.json +++ b/2012/0xxx/CVE-2012-0973.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120125 Multiple vulnerabilities in OSclass", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0157.html" - }, - { - "name" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html", - "refsource" : "MISC", - "url" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html" - }, - { - "name" : "http://osclass.org/2012/01/16/osclass-2-3-5/", - "refsource" : "CONFIRM", - "url" : "http://osclass.org/2012/01/16/osclass-2-3-5/" - }, - { - "name" : "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73", - "refsource" : "CONFIRM", - "url" : "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73" - }, - { - "name" : "51662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51662" - }, - { - "name" : "47697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73", + "refsource": "CONFIRM", + "url": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73" + }, + { + "name": "http://osclass.org/2012/01/16/osclass-2-3-5/", + "refsource": "CONFIRM", + "url": "http://osclass.org/2012/01/16/osclass-2-3-5/" + }, + { + "name": "51662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51662" + }, + { + "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html" + }, + { + "name": "47697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47697" + }, + { + "name": "20120125 Multiple vulnerabilities in OSclass", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0157.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1822.json b/2012/1xxx/CVE-2012-1822.json index d73b6a6cdf3..d779950c282 100644 --- a/2012/1xxx/CVE-2012-1822.json +++ b/2012/1xxx/CVE-2012-1822.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1822", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1822", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3357.json b/2012/3xxx/CVE-2012-3357.json index d8b164c8562..08a6d9500a8 100644 --- a/2012/3xxx/CVE-2012-3357.json +++ b/2012/3xxx/CVE-2012-3357.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a \"log msg leak.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120625 Re: CVE Request: viewvc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/25/8" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175" - }, - { - "name" : "DSA-2563", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2563" - }, - { - "name" : "MDVSA-2013:134", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134" - }, - { - "name" : "openSUSE-SU-2012:0831", - "refsource" : "SUSE", - "url" : "https://lwn.net/Articles/505096/" - }, - { - "name" : "54199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54199" - }, - { - "name" : "83227", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83227" - }, - { - "name" : "viewvc-svnra-info-disclosure(76615)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a \"log msg leak.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120625 Re: CVE Request: viewvc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/25/8" + }, + { + "name": "viewvc-svnra-info-disclosure(76615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76615" + }, + { + "name": "54199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54199" + }, + { + "name": "openSUSE-SU-2012:0831", + "refsource": "SUSE", + "url": "https://lwn.net/Articles/505096/" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175" + }, + { + "name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758" + }, + { + "name": "83227", + "refsource": "OSVDB", + "url": "http://osvdb.org/83227" + }, + { + "name": "MDVSA-2013:134", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134" + }, + { + "name": "DSA-2563", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2563" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3549.json b/2012/3xxx/CVE-2012-3549.json index c9a60aab681..e1204415c8c 100644 --- a/2012/3xxx/CVE-2012-3549.json +++ b/2012/3xxx/CVE-2012-3549.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20226", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20226" - }, - { - "name" : "[oss-security] 20120828 CVE for FreeBSD SCTP remote DoS?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/28/9" - }, - { - "name" : "[oss-security] 20120829 Re: CVE request: FreeBSD SCTP remote DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/29/6" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686962", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686962" - }, - { - "name" : "54797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54797" + }, + { + "name": "[oss-security] 20120828 CVE for FreeBSD SCTP remote DoS?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/28/9" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686962", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686962" + }, + { + "name": "[oss-security] 20120829 Re: CVE request: FreeBSD SCTP remote DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/29/6" + }, + { + "name": "20226", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20226" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3854.json b/2012/3xxx/CVE-2012-3854.json index 9119bb0322c..a474fb055c6 100644 --- a/2012/3xxx/CVE-2012-3854.json +++ b/2012/3xxx/CVE-2012-3854.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3854", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3854", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4041.json b/2012/4xxx/CVE-2012-4041.json index 5b794658552..f6f13b03694 100644 --- a/2012/4xxx/CVE-2012-4041.json +++ b/2012/4xxx/CVE-2012-4041.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4041", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4041", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4291.json b/2012/4xxx/CVE-2012-4291.json index eb276192149..65c95f8c153 100644 --- a/2012/4xxx/CVE-2012-4291.json +++ b/2012/4xxx/CVE-2012-4291.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-20.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "RHSA-2013:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0125.html" - }, - { - "name" : "openSUSE-SU-2012:1067", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15514562" - }, - { - "name" : "openSUSE-SU-2012:1035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" - }, - { - "name" : "55035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55035" - }, - { - "name" : "oval:org.mitre.oval:def:15813", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15813" - }, - { - "name" : "51363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51363" - }, - { - "name" : "50276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50276" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55035" + }, + { + "name": "oval:org.mitre.oval:def:15813", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15813" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "RHSA-2013:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0125.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-20.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-20.html" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "51363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51363" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570" + }, + { + "name": "openSUSE-SU-2012:1035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" + }, + { + "name": "50276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50276" + }, + { + "name": "openSUSE-SU-2012:1067", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15514562" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4723.json b/2012/4xxx/CVE-2012-4723.json index 31ba1831289..bcbd6160647 100644 --- a/2012/4xxx/CVE-2012-4723.json +++ b/2012/4xxx/CVE-2012-4723.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4723", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4723", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4820.json b/2012/4xxx/CVE-2012-4820.json index 06c0d616997..c8dbfef55b8 100644 --- a/2012/4xxx/CVE-2012-4820.json +++ b/2012/4xxx/CVE-2012-4820.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to \"insecure use of the java.lang.reflect.Method invoke() method.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120911 [SE-2012-01] Security vulnerabilities in IBM Java", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2012/Sep/38" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615705", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615705" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615800", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615800" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616594", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616594" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616616", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616616" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616617", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616617" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616652", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616652" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616708", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616708" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" - }, - { - "name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21616546", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21616546" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" - }, - { - "name" : "IV29654", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654" - }, - { - "name" : "RHSA-2012:1465", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1465.html" - }, - { - "name" : "RHSA-2012:1466", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "55495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55495" - }, - { - "name" : "51634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51634" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51327" - }, - { - "name" : "51328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51328" - }, - { - "name" : "51393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51393" - }, - { - "name" : "ibm-java-invoke-code-execution(78764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to \"insecure use of the java.lang.reflect.Method invoke() method.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1466", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" + }, + { + "name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2012/Sep/38" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "55495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55495" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" + }, + { + "name": "51327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51327" + }, + { + "name": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546" + }, + { + "name": "ibm-java-invoke-code-execution(78764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78764" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "RHSA-2012:1465", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html" + }, + { + "name": "51328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51328" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708" + }, + { + "name": "51634", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51634" + }, + { + "name": "IV29654", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "51393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51393" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4840.json b/2012/4xxx/CVE-2012-4840.json index d60a5c4e247..0cc566c26e1 100644 --- a/2012/4xxx/CVE-2012-4840.json +++ b/2012/4xxx/CVE-2012-4840.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" - }, - { - "name" : "cognos-bi-fct-xpath-injection(79116)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cognos-bi-fct-xpath-injection(79116)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79116" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4887.json b/2012/4xxx/CVE-2012-4887.json index 511302e5851..e4e38bddd74 100644 --- a/2012/4xxx/CVE-2012-4887.json +++ b/2012/4xxx/CVE-2012-4887.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4887", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4887", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2431.json b/2017/2xxx/CVE-2017-2431.json index fbca565e84a..5806aa9eea5 100644 --- a/2017/2xxx/CVE-2017-2431.json +++ b/2017/2xxx/CVE-2017-2431.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"CoreMedia\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "97140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97140" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"CoreMedia\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97140" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2528.json b/2017/2xxx/CVE-2017-2528.json index b731a8d3bd7..5930ef4a6f0 100644 --- a/2017/2xxx/CVE-2017-2528.json +++ b/2017/2xxx/CVE-2017-2528.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42105", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42105/" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98474" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "98474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98474" + }, + { + "name": "42105", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42105/" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2703.json b/2017/2xxx/CVE-2017-2703.json index aa5b22bfae2..3a02c3cd7e7 100644 --- a/2017/2xxx/CVE-2017-2703.json +++ b/2017/2xxx/CVE-2017-2703.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mate 9, P9", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373," - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Phone Finder Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mate 9, P9", + "version": { + "version_data": [ + { + "version_value": "Versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373," + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en" - }, - { - "name" : "95657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Phone Finder Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95657" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6300.json b/2017/6xxx/CVE-2017-6300.json index d2a26d9af7c..c004392f0d8 100644 --- a/2017/6xxx/CVE-2017-6300.json +++ b/2017/6xxx/CVE-2017-6300.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"3 of 9. Buffer Overflow in version field in lib/tnef-types.h.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2017/02/15/4", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/15/4" - }, - { - "name" : "https://github.com/Yeraze/ytnef/pull/27", - "refsource" : "MISC", - "url" : "https://github.com/Yeraze/ytnef/pull/27" - }, - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/" - }, - { - "name" : "DSA-3846", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3846" - }, - { - "name" : "96423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"3 of 9. Buffer Overflow in version field in lib/tnef-types.h.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96423" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/02/15/4", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/02/15/4" + }, + { + "name": "https://github.com/Yeraze/ytnef/pull/27", + "refsource": "MISC", + "url": "https://github.com/Yeraze/ytnef/pull/27" + }, + { + "name": "DSA-3846", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3846" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6314.json b/2017/6xxx/CVE-2017-6314.json index 523c8b40883..81f9f2a391c 100644 --- a/2017/6xxx/CVE-2017-6314.json +++ b/2017/6xxx/CVE-2017-6314.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/21/4" - }, - { - "name" : "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/26/1" - }, - { - "name" : "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html", - "refsource" : "MISC", - "url" : "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=779020", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=779020" - }, - { - "name" : "GLSA-201709-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-08" - }, - { - "name" : "96779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=779020", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=779020" + }, + { + "name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/21/4" + }, + { + "name": "96779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96779" + }, + { + "name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html", + "refsource": "MISC", + "url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html" + }, + { + "name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/26/1" + }, + { + "name": "GLSA-201709-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-08" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6323.json b/2017/6xxx/CVE-2017-6323.json index 5912843fe9f..98a51238c3b 100644 --- a/2017/6xxx/CVE-2017-6323.json +++ b/2017/6xxx/CVE-2017-6323.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2017-06-28T00:00:00", - "ID" : "CVE-2017-6323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ITMS", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6 & ITMS 7.6_POST_HF7" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XXE" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2017-06-28T00:00:00", + "ID": "CVE-2017-6323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ITMS", + "version": { + "version_data": [ + { + "version_value": "Prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6 & ITMS 7.6_POST_HF7" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00" - }, - { - "name" : "98621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XXE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00" + }, + { + "name": "98621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98621" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6675.json b/2017/6xxx/CVE-2017-6675.json index f4a4cfbcc0b..66dab718c00 100644 --- a/2017/6xxx/CVE-2017-6675.json +++ b/2017/6xxx/CVE-2017-6675.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Industrial Network Director", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Industrial Network Director" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Industrial Network Director", + "version": { + "version_data": [ + { + "version_value": "Cisco Industrial Network Director" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind" - }, - { - "name" : "98962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind" + }, + { + "name": "98962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98962" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6833.json b/2017/6xxx/CVE-2017-6833.json index c7561f26563..2c777726d1a 100644 --- a/2017/6xxx/CVE-2017-6833.json +++ b/2017/6xxx/CVE-2017-6833.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/13/5" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/" - }, - { - "name" : "https://github.com/mpruett/audiofile/issues/37", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/issues/37" - }, - { - "name" : "https://github.com/mpruett/audiofile/pull/42", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/pull/42" - }, - { - "name" : "DSA-3814", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/13/5" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/" + }, + { + "name": "https://github.com/mpruett/audiofile/pull/42", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/pull/42" + }, + { + "name": "DSA-3814", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3814" + }, + { + "name": "https://github.com/mpruett/audiofile/issues/37", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/issues/37" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7289.json b/2017/7xxx/CVE-2017-7289.json index 51dd8604d03..2cd733c6e25 100644 --- a/2017/7xxx/CVE-2017-7289.json +++ b/2017/7xxx/CVE-2017-7289.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7289", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7289", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7502.json b/2017/7xxx/CVE-2017-7502.json index e35e70a4a01..78661fa6486 100644 --- a/2017/7xxx/CVE-2017-7502.json +++ b/2017/7xxx/CVE-2017-7502.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nss", - "version" : { - "version_data" : [ - { - "version_value" : "since 3.24.0" - } - ] - } - } - ] - }, - "vendor_name" : "NSS project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-476" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nss", + "version": { + "version_data": [ + { + "version_value": "since 3.24.0" + } + ] + } + } + ] + }, + "vendor_name": "NSS project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d", - "refsource" : "CONFIRM", - "url" : "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "DSA-3872", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3872" - }, - { - "name" : "RHSA-2017:1364", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1364" - }, - { - "name" : "RHSA-2017:1365", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1365" - }, - { - "name" : "RHSA-2017:1567", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1567" - }, - { - "name" : "RHSA-2017:1712", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1712" - }, - { - "name" : "98744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98744" - }, - { - "name" : "1038579", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1365", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1365" + }, + { + "name": "1038579", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038579" + }, + { + "name": "98744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98744" + }, + { + "name": "RHSA-2017:1712", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1712" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d", + "refsource": "CONFIRM", + "url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d" + }, + { + "name": "RHSA-2017:1364", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1364" + }, + { + "name": "RHSA-2017:1567", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1567" + }, + { + "name": "DSA-3872", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3872" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7684.json b/2017/7xxx/CVE-2017-7684.json index 7c3b6d2ba52..b9915c00745 100644 --- a/2017/7xxx/CVE-2017-7684.json +++ b/2017/7xxx/CVE-2017-7684.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-07-13T00:00:00", - "ID" : "CVE-2017-7684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache OpenMeetings", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure File Upload" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-07-13T00:00:00", + "ID": "CVE-2017-7684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache OpenMeetings", + "version": { + "version_data": [ + { + "version_value": "1.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload", - "refsource" : "MLIST", - "url" : "http://markmail.org/message/v6dpmrdd6cgg66up" - }, - { - "name" : "99584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure File Upload" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99584" + }, + { + "name": "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload", + "refsource": "MLIST", + "url": "http://markmail.org/message/v6dpmrdd6cgg66up" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10309.json b/2018/10xxx/CVE-2018-10309.json index 0905a09be9d..264ac28e39d 100644 --- a/2018/10xxx/CVE-2018-10309.json +++ b/2018/10xxx/CVE-2018-10309.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44563", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44563/" - }, - { - "name" : "https://gist.github.com/B0UG/f0cfb356e23be3cd6ebea69566d6100a", - "refsource" : "MISC", - "url" : "https://gist.github.com/B0UG/f0cfb356e23be3cd6ebea69566d6100a" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9067", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9067" - }, - { - "name" : "https://wordpress.org/plugins/responsive-cookie-consent/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/responsive-cookie-consent/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/B0UG/f0cfb356e23be3cd6ebea69566d6100a", + "refsource": "MISC", + "url": "https://gist.github.com/B0UG/f0cfb356e23be3cd6ebea69566d6100a" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/9067", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9067" + }, + { + "name": "https://wordpress.org/plugins/responsive-cookie-consent/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/responsive-cookie-consent/#developers" + }, + { + "name": "44563", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44563/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14348.json b/2018/14xxx/CVE-2018-14348.json index e015d0f4d20..58b4b5d3fc7 100644 --- a/2018/14xxx/CVE-2018-14348.json +++ b/2018/14xxx/CVE-2018-14348.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180820 [SECURITY] [DLA 1472-1] libcgroup security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1100365", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1100365" - }, - { - "name" : "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/" - }, - { - "name" : "FEDORA-2018-f6adf1cb62", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/" - }, - { - "name" : "openSUSE-SU-2018:2241", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1100365", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1100365" + }, + { + "name": "FEDORA-2018-f6adf1cb62", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/" + }, + { + "name": "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/" + }, + { + "name": "openSUSE-SU-2018:2241", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html" + }, + { + "name": "[debian-lts-announce] 20180820 [SECURITY] [DLA 1472-1] libcgroup security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14442.json b/2018/14xxx/CVE-2018-14442.json index 1f2b742c476..253a0cee0c8 100644 --- a/2018/14xxx/CVE-2018-14442.json +++ b/2018/14xxx/CVE-2018-14442.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14545.json b/2018/14xxx/CVE-2018-14545.json index 441ec996622..c6421586021 100644 --- a/2018/14xxx/CVE-2018-14545.json +++ b/2018/14xxx/CVE-2018-14545.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/291", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/291", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/291" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14598.json b/2018/14xxx/CVE-2018-14598.json index 653013fcbc7..5e5436e400d 100644 --- a/2018/14xxx/CVE-2018-14598.json +++ b/2018/14xxx/CVE-2018-14598.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180821 X.Org security advisory: August 21, 2018", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/08/21/6" - }, - { - "name" : "[xorg-announce] 20180821 libX11 1.6.6", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2018-August/002916.html" - }, - { - "name" : "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1102073", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1102073" - }, - { - "name" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2" - }, - { - "name" : "GLSA-201811-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-01" - }, - { - "name" : "USN-3758-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3758-2/" - }, - { - "name" : "USN-3758-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3758-1/" - }, - { - "name" : "105177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105177" - }, - { - "name" : "1041543", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3758-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3758-2/" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102073", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102073" + }, + { + "name": "GLSA-201811-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-01" + }, + { + "name": "105177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105177" + }, + { + "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2" + }, + { + "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6" + }, + { + "name": "1041543", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041543" + }, + { + "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html" + }, + { + "name": "[xorg-announce] 20180821 libX11 1.6.6", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html" + }, + { + "name": "USN-3758-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3758-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14980.json b/2018/14xxx/CVE-2018-14980.json index d76fbbcea57..54b81d9e4c2 100644 --- a/2018/14xxx/CVE-2018-14980.json +++ b/2018/14xxx/CVE-2018-14980.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14980", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14980", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15978.json b/2018/15xxx/CVE-2018-15978.json index e6b3436ea91..5161b99a3be 100644 --- a/2018/15xxx/CVE-2018-15978.json +++ b/2018/15xxx/CVE-2018-15978.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html" - }, - { - "name" : "RHSA-2018:3618", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3618" - }, - { - "name" : "105909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105909" - }, - { - "name" : "1042098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042098" + }, + { + "name": "105909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105909" + }, + { + "name": "RHSA-2018:3618", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3618" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20312.json b/2018/20xxx/CVE-2018-20312.json index 174a7cd92e2..29b07d77c55 100644 --- a/2018/20xxx/CVE-2018-20312.json +++ b/2018/20xxx/CVE-2018-20312.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20312", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20312", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20593.json b/2018/20xxx/CVE-2018-20593.json index 5a3b34a6ff8..0159a2fc5d4 100644 --- a/2018/20xxx/CVE-2018-20593.json +++ b/2018/20xxx/CVE-2018-20593.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/michaelrsweet/mxml/issues/237", - "refsource" : "MISC", - "url" : "https://github.com/michaelrsweet/mxml/issues/237" - }, - { - "name" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err", - "refsource" : "MISC", - "url" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err" - }, - { - "name" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err", - "refsource" : "MISC", - "url" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err", + "refsource": "MISC", + "url": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err" + }, + { + "name": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err", + "refsource": "MISC", + "url": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err" + }, + { + "name": "https://github.com/michaelrsweet/mxml/issues/237", + "refsource": "MISC", + "url": "https://github.com/michaelrsweet/mxml/issues/237" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20647.json b/2018/20xxx/CVE-2018-20647.json index 0f1465e6fd7..22aeec5ef77 100644 --- a/2018/20xxx/CVE-2018-20647.json +++ b/2018/20xxx/CVE-2018-20647.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20647", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20647", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9033.json b/2018/9xxx/CVE-2018-9033.json index cb14fbbc475..dc28b1e5d2a 100644 --- a/2018/9xxx/CVE-2018-9033.json +++ b/2018/9xxx/CVE-2018-9033.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9033", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9033", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9057.json b/2018/9xxx/CVE-2018-9057.json index aad65926fdf..b752bd349b8 100644 --- a/2018/9xxx/CVE-2018-9057.json +++ b/2018/9xxx/CVE-2018-9057.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/terraform-providers/terraform-provider-aws/pull/3934", - "refsource" : "MISC", - "url" : "https://github.com/terraform-providers/terraform-provider-aws/pull/3934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/terraform-providers/terraform-provider-aws/pull/3934", + "refsource": "MISC", + "url": "https://github.com/terraform-providers/terraform-provider-aws/pull/3934" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9222.json b/2018/9xxx/CVE-2018-9222.json index f80b2859445..1ea5d6ad827 100644 --- a/2018/9xxx/CVE-2018-9222.json +++ b/2018/9xxx/CVE-2018-9222.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9222", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9222", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9537.json b/2018/9xxx/CVE-2018-9537.json index f251fdda2c4..445045e29b3 100644 --- a/2018/9xxx/CVE-2018-9537.json +++ b/2018/9xxx/CVE-2018-9537.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - }, - { - "name" : "105865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105865" + }, + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9768.json b/2018/9xxx/CVE-2018-9768.json index 0a31b16d075..3affc7b6cda 100644 --- a/2018/9xxx/CVE-2018-9768.json +++ b/2018/9xxx/CVE-2018-9768.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9768", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9768", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file