diff --git a/2002/0xxx/CVE-2002-0084.json b/2002/0xxx/CVE-2002-0084.json
index 24dcc4a1c16..ebfb26130b7 100644
--- a/2002/0xxx/CVE-2002-0084.json
+++ b/2002/0xxx/CVE-2002-0084.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.esecurityonline.com/advisories/eSO4198.asp", - "refsource" : "MISC", - "url" : "http://www.esecurityonline.com/advisories/eSO4198.asp" - }, - { - "name" : "VU#161931", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/161931" - }, - { - "name" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309" - }, - { - "name" : "20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html" - }, - { - "name" : "oval:org.mitre.oval:def:43", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A43" - }, - { - "name" : "oval:org.mitre.oval:def:97", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A97" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309" + }, + { + "name": "VU#161931", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/161931" + }, + { + "name": "http://www.esecurityonline.com/advisories/eSO4198.asp", + "refsource": "MISC", + "url": "http://www.esecurityonline.com/advisories/eSO4198.asp" + }, + { + "name": "20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html" + }, + { + "name": "oval:org.mitre.oval:def:43", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A43" + }, + { + "name": "oval:org.mitre.oval:def:97", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A97" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0872.json b/2002/0xxx/CVE-2002-0872.json index 30b75086dd3..7cf2429cbe6 100644 --- a/2002/0xxx/CVE-2002-0872.json 
+++ b/2002/0xxx/CVE-2002-0872.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-152", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-152" - }, - { - "name" : "5451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5451" - }, - { - "name" : "l2tpd-rand-number-predictable(9845)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9845.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-152", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-152" + }, + { + "name": "l2tpd-rand-number-predictable(9845)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9845.php" + }, + { + "name": "5451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5451" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1282.json b/2002/1xxx/CVE-2002-1282.json index a653f2b9e9d..c847f951d3b 100644 --- a/2002/1xxx/CVE-2002-1282.json +++ b/2002/1xxx/CVE-2002-1282.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103712550205730&w=2" - }, - { - "name" : "CSSA-2003-012.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-012.0.txt" - }, - { - "name" : "MDKSA-2002:079", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php" - }, - { - "name" : "RHSA-2002:220", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html" - }, - { - "name" : "DSA-204", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-204" - }, - { - "name" : 
"http://www.kde.org/info/security/advisory-20021111-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20021111-1.txt" - }, - { - "name" : "20021114 GLSA: kdelibs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103728981029342&w=2" - }, - { - "name" : "8298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8298" - }, - { - "name" : "kde-telnet-command-execution(10603)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10603.php" - }, - { - "name" : "6182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-2003-012.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-012.0.txt" + }, + { + "name": "20021114 GLSA: kdelibs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103728981029342&w=2" + }, + { + "name": "8298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8298" + }, + { + "name": "kde-telnet-command-execution(10603)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10603.php" + }, + { + "name": "http://www.kde.org/info/security/advisory-20021111-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20021111-1.txt" + }, + { + "name": "MDKSA-2002:079", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php" + }, + { + 
"name": "20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103712550205730&w=2" + }, + { + "name": "DSA-204", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-204" + }, + { + "name": "RHSA-2002:220", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-220.html" + }, + { + "name": "6182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6182" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1809.json b/2002/1xxx/CVE-2002-1809.json index 78f37b694be..d36b8970c35 100644 --- a/2002/1xxx/CVE-2002-1809.json +++ b/2002/1xxx/CVE-2002-1809.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020818 Weak MySQL Default Configuration on Windows", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0185.html" - }, - { - "name" : "5503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5503" - }, - { - "name" : "mysql-default-root-access(9902)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9902.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers 
to gain unauthorized root access to the MySQL database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5503" + }, + { + "name": "20020818 Weak MySQL Default Configuration on Windows", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0185.html" + }, + { + "name": "mysql-default-root-access(9902)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9902.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2126.json b/2002/2xxx/CVE-2002-2126.json index 57aada15e31..6b69963c8c9 100644 --- a/2002/2xxx/CVE-2002-2126.json +++ b/2002/2xxx/CVE-2002-2126.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021202 Bypassing Integrity Protection Driver (time vulnerability)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0021.html" - }, - { - "name" : "20021203 New Integrity Protection Driver (IPD) Available", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0087.html" - }, - { - "name" : "6295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6295" - }, - { - "name" : "ipd-change-system-clock(10745)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10745.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021202 Bypassing Integrity Protection Driver (time vulnerability)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0021.html" + }, + { + "name": "ipd-change-system-clock(10745)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10745.php" + }, + { + "name": "20021203 New Integrity Protection Driver (IPD) Available", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0087.html" + }, + { + "name": "6295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6295" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1002.json b/2005/1xxx/CVE-2005-1002.json index f744f0dbc76..5ddabc72de1 100644 --- a/2005/1xxx/CVE-2005-1002.json +++ b/2005/1xxx/CVE-2005-1002.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050405 Logics Software BS2000 Host to Web Client ALL PLATFORMS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111271950916436&w=2" - }, - { - "name" : "12998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12998" - }, - { - "name" : "14851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12998" + }, + { + "name": "20050405 Logics Software BS2000 Host to Web Client ALL PLATFORMS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111271950916436&w=2" + }, + { + "name": "14851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14851" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1021.json b/2005/1xxx/CVE-2005-1021.json index 6e9f2ea7714..51d74bfa376 100644 --- a/2005/1xxx/CVE-2005-1021.json +++ b/2005/1xxx/CVE-2005-1021.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050406 Vulnerabilities in Cisco IOS Secure Shell Server", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml" - }, - { - "name" : "13042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13042" - }, - { - "name" : "15303", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15303" - }, - { - "name" : "oval:org.mitre.oval:def:5687", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5687" - }, - { - "name" : "1013655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Apr/1013655.html" - }, - { - "name" : "14854", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14854" - }, - { - "name" : "cisco-ios-memory-leak-dos(19991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Apr/1013655.html" + }, + { + "name": "cisco-ios-memory-leak-dos(19991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19991" + }, + { + "name": "15303", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15303" + }, + { + "name": "13042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13042" + }, + { + "name": "14854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14854" + }, + { + "name": "20050406 Vulnerabilities in Cisco IOS Secure Shell Server", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml" + }, + { + "name": "oval:org.mitre.oval:def:5687", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5687" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1316.json b/2005/1xxx/CVE-2005-1316.json index 90a2bac99ff..48736d659d6 100644 --- a/2005/1xxx/CVE-2005-1316.json +++ b/2005/1xxx/CVE-2005-1316.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[sork] 20050422 Accounts 2.1.2 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002146.html" - }, - { - "name" : "http://cvs.horde.org/diff.php/accounts/docs/CHANGES?r1=1.1.1.1.2.15&r2=1.1.1.1.2.18&ty=h", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/accounts/docs/CHANGES?r1=1.1.1.1.2.15&r2=1.1.1.1.2.18&ty=h" - }, - { - "name" : "15081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows 
remote attackers to inject arbitrary web script or HTML via the parent's frame page title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvs.horde.org/diff.php/accounts/docs/CHANGES?r1=1.1.1.1.2.15&r2=1.1.1.1.2.18&ty=h", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/accounts/docs/CHANGES?r1=1.1.1.1.2.15&r2=1.1.1.1.2.18&ty=h" + }, + { + "name": "15081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15081" + }, + { + "name": "[sork] 20050422 Accounts 2.1.2 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002146.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1441.json b/2005/1xxx/CVE-2005-1441.json index 7b33b13f321..f9df3356d05 100644 --- a/2005/1xxx/CVE-2005-1441.json +++ b/2005/1xxx/CVE-2005-1441.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525" - }, - { - "name" : "13446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13446" - }, - { - "name" : "15366", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15366" - }, - { - "name" : "1013842", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013842" - }, - { - "name" : "14879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14879" - }, - { - "name" : "lotus-nrpc-format-string(20043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20043" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-nrpc-format-string(20043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20043" + }, + { + "name": "13446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13446" + }, + { + "name": "14879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14879" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525" + }, + { + "name": "1013842", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013842" + }, + { + "name": "15366", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15366" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1503.json b/2005/1xxx/CVE-2005-1503.json index b542cea7c6d..d2e0b43a135 100644 --- a/2005/1xxx/CVE-2005-1503.json +++ b/2005/1xxx/CVE-2005-1503.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111533057918993&w=2" - }, - { - "name" : "http://www.hackgen.org/advisories/hackgen-2005-004.txt", - "refsource" : "MISC", - "url" : "http://www.hackgen.org/advisories/hackgen-2005-004.txt" - }, - { - "name" : "13512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13512" - }, - { - "name" : "13513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13513" - }, - { - "name" : "13514", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/13514" - }, - { - "name" : "13515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13515" - }, - { - "name" : "16175", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16175" - }, - { - "name" : "16176", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16176" - }, - { - "name" : "16177", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16177" - }, - { - "name" : "15269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15269" - }, - { - "name" : "midicart-sql-injection(20428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16176", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16176" + }, + { + "name": "13512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13512" + }, + { + "name": "http://www.hackgen.org/advisories/hackgen-2005-004.txt", + "refsource": "MISC", + "url": "http://www.hackgen.org/advisories/hackgen-2005-004.txt" + }, + { + "name": "13514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13514" + }, + { + "name": "13515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13515" + }, + { + "name": "16177", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16177" + }, + { + "name": "15269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15269" + }, + { + "name": "13513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13513" + }, + { + "name": "midicart-sql-injection(20428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20428" + }, + { + "name": "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111533057918993&w=2" + }, + { + "name": "16175", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16175" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1675.json b/2005/1xxx/CVE-2005-1675.json index 66fc96e6a62..1dacc6aae66 100644 --- a/2005/1xxx/CVE-2005-1675.json +++ b/2005/1xxx/CVE-2005-1675.json 
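Review bot: The `reference_data` array on the new side of this hunk comes out in no recognisable order (OSVDB 16176, BID 13512, MISC, BID 13514, … BUGTRAQ, OSVDB 16175), where the removed side kept entries with the same `refsource` together; the references themselves are unchanged. If the serializer is iterating an unordered collection (an inference, the generator is not visible here), every regeneration will reshuffle these entries and bury real reference additions or removals in the diff, so the writer should emit a stable order, for example sorted by `refsource` then `name`. The new file also ends without a trailing newline (`\ No newline at end of file`), which the old one had. Both points apply equally to the CVE-2005-1441 hunk above and to the hunks that follow.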
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 installs the client installation directories with insecure EVERYBODY permissions, which allows local users to gain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/JGEI-6BCRBX", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JGEI-6BCRBX" - }, - { - "name" : "VU#443370", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/443370" - }, - { - "name" : "15421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 installs the client installation directories with 
insecure EVERYBODY permissions, which allows local users to gain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15421" + }, + { + "name": "VU#443370", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/443370" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JGEI-6BCRBX", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JGEI-6BCRBX" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1010.json b/2009/1xxx/CVE-2009-1010.json index 0e2f28200e4..f8988bab2a3 100644 --- a/2009/1xxx/CVE-2009-1010.json +++ b/2009/1xxx/CVE-2009-1010.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53749", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/53749" - }, - { - "name" : "1022055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022055" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022055" + }, + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "53749", + "refsource": "OSVDB", + "url": "http://osvdb.org/53749" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1022.json b/2009/1xxx/CVE-2009-1022.json index 74fbac9a9ab..71b9d8e5c42 100644 --- a/2009/1xxx/CVE-2009-1022.json +++ b/2009/1xxx/CVE-2009-1022.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090316 [Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501846/100/0/threaded" - }, - { - "name" : "8225", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8225" - }, - { - "name" : "http://security.bkis.vn/?p=352", - "refsource" : "MISC", - "url" : "http://security.bkis.vn/?p=352" - }, - { - "name" : "34120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34120" - }, - { - "name" : "52677", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52677" - }, - { - "name" : "34314", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34314" - }, - { - "name" : "ADV-2009-0735", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0735" - }, - { - "name" : "gomencoder-srt-bo(49252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34120" + }, + { + "name": "20090316 [Bkis-04-2009] GOM Encoder Heap-based Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501846/100/0/threaded" + }, + { + "name": "http://security.bkis.vn/?p=352", + "refsource": "MISC", + "url": "http://security.bkis.vn/?p=352" + }, + { + "name": "gomencoder-srt-bo(49252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49252" + }, + { + "name": "ADV-2009-0735", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0735" + }, + { + "name": "8225", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8225" + }, + { + "name": "52677", + "refsource": "OSVDB", + "url": "http://osvdb.org/52677" + }, + { + "name": "34314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34314" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/1xxx/CVE-2009-1149.json b/2009/1xxx/CVE-2009-1149.json index dcf9b4d91c0..a0b6aedfe03 100644 --- a/2009/1xxx/CVE-2009-1149.json +++ b/2009/1xxx/CVE-2009-1149.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303", - "refsource" : "MISC", - "url" : "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php" - }, - { - "name" : "SUSE-SR:2009:008", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" - }, - { - "name" : "34468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34468" - }, - { - "name" : "34642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303", + "refsource": "MISC", + "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303" + }, + { + "name": "34642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34642" + }, + { + "name": "SUSE-SR:2009:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" + }, + { + "name": "34468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34468" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1507.json b/2009/1xxx/CVE-2009-1507.json index 978045d6077..47cc4c6fe6c 100644 --- a/2009/1xxx/CVE-2009-1507.json 
+++ b/2009/1xxx/CVE-2009-1507.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/449030", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/449030" - }, - { - "name" : "34778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34778" - }, - { - "name" : "34955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34955" - }, - { - "name" : "ADV-2009-1212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Node Access User Reference 
module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/449030", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/449030" + }, + { + "name": "34778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34778" + }, + { + "name": "ADV-2009-1212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1212" + }, + { + "name": "34955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34955" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1619.json b/2009/1xxx/CVE-2009-1619.json index 974b3540bc5..b267cfd9777 100644 --- a/2009/1xxx/CVE-2009-1619.json +++ b/2009/1xxx/CVE-2009-1619.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8551", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8551" - }, - { - "name" : "34735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34735" - }, - { - "name" : "34818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34818" + }, + { + "name": "8551", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8551" + }, + { + "name": "34735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34735" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0273.json b/2012/0xxx/CVE-2012-0273.json index 3a54bf3e877..dfacc9defc3 100644 --- a/2012/0xxx/CVE-2012-0273.json +++ b/2012/0xxx/CVE-2012-0273.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-0273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2012-5", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2012-5" - }, - { - "name" : "52873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52873" - }, - { - "name" : "45462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45462" - }, - { - "name" : "minalic-adddefaultfile-bo(74652)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74652" - }, - { - "name" : "minalic-getcookievalue-bo(74651)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74651" - }, - { - "name" : "minalic-response-bo(74653)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45462" + }, + { + "name": "minalic-getcookievalue-bo(74651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74651" + }, + { + "name": "http://secunia.com/secunia_research/2012-5", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2012-5" + }, + { + "name": "minalic-response-bo(74653)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74653" + }, + { + "name": "minalic-adddefaultfile-bo(74652)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74652" + }, + { + "name": "52873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52873" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0327.json b/2012/0xxx/CVE-2012-0327.json index fa458080a81..d73a7e91551 100644 --- a/2012/0xxx/CVE-2012-0327.json +++ b/2012/0xxx/CVE-2012-0327.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-0327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.redmine.org/versions/42", - "refsource" : "MISC", - "url" : "http://www.redmine.org/versions/42" - }, - { - "name" : "JVN#93406632", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN93406632/index.html" - }, - { - "name" : "JVNDB-2012-000025", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" - }, - { - "name" : "52447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52447" + }, + { + "name": "JVNDB-2012-000025", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" + }, + { + "name": "JVN#93406632", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN93406632/index.html" + }, + { + "name": "http://www.redmine.org/versions/42", + "refsource": "MISC", + "url": "http://www.redmine.org/versions/42" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0602.json b/2012/0xxx/CVE-2012-0602.json index 59aff0c73fc..5de3f9d9b1d 100644 --- a/2012/0xxx/CVE-2012-0602.json +++ b/2012/0xxx/CVE-2012-0602.json 
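Review bot: `ASSIGNER` changes here from `cve@mitre.org` to `vultures@jpcert.or.jp`, a provenance change that sits inside what is otherwise a whitespace and ordering rewrite of the record. The same happens in the CVE-2009-1010 (`secalert_us@oracle.com`), CVE-2012-0273 (`PSIRT-CNA@flexerasoftware.com`) and CVE-2012-0602 (`product-security@apple.com`) hunks, while the other records shown keep `cve@mitre.org`. Anyone who filters or trusts records by assigning CNA will see attribution shift for these IDs, so the reassignment belongs in its own commit, or at least named in the commit message, where it can be audited separately from the formatting churn.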
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79923", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/79923" - }, - { - "name" : "oval:org.mitre.oval:def:17287", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17287" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20120602-code-execution(73821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "79923", + "refsource": "OSVDB", + "url": "http://osvdb.org/79923" + }, + { + "name": "oval:org.mitre.oval:def:17287", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17287" + }, + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "apple-webkit-cve20120602-code-execution(73821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73821" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2676.json b/2012/2xxx/CVE-2012-2676.json index f18d8cf6a8d..7ae759a6786 100644 --- a/2012/2xxx/CVE-2012-2676.json +++ b/2012/2xxx/CVE-2012-2676.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on implementing code via a large size value, which causes less memory to be allocated than expected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120605 memory allocator upstream patches", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/05/1" - }, - { - "name" : "[oss-security] 20120607 Re: memory allocator upstream patches", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/07/13" - }, - { - "name" : "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", - "refsource" : "MISC", - "url" : "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/" - }, - { - "name" : "https://github.com/emeryberger/Hoard/blob/master/NEWS", - "refsource" : 
"CONFIRM", - "url" : "https://github.com/emeryberger/Hoard/blob/master/NEWS" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on implementing code via a large size value, which causes less memory to be allocated than expected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", + "refsource": "MISC", + "url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/" + }, + { + "name": "[oss-security] 20120605 memory allocator upstream patches", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/05/1" + }, + { + "name": "[oss-security] 20120607 Re: memory allocator upstream patches", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/07/13" + }, + { + "name": "https://github.com/emeryberger/Hoard/blob/master/NEWS", + "refsource": "CONFIRM", + "url": "https://github.com/emeryberger/Hoard/blob/master/NEWS" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2856.json b/2012/2xxx/CVE-2012-2856.json index 1b8d5ee9fca..5b0cf8c1312 100644 --- a/2012/2xxx/CVE-2012-2856.json +++ b/2012/2xxx/CVE-2012-2856.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=134954", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=134954" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=135264", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=135264" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" - }, - { - "name" : "oval:org.mitre.oval:def:15053", - "refsource" : "OVAL", - "url" 
: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15053", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15053" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=135264", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=135264" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=134954", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=134954" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2889.json b/2012/2xxx/CVE-2012-2889.json index b1279566186..4962ace24a4 100644 --- a/2012/2xxx/CVE-2012-2889.json +++ b/2012/2xxx/CVE-2012-2889.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka \"Universal XSS (UXSS).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=143439", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=143439" - }, - { - "name" : "http://support.apple.com/kb/HT5642", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5642" - }, - { - "name" : "APPLE-SA-2013-01-28-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2013-03-14-2", - 
"refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" - }, - { - "name" : "openSUSE-SU-2012:1376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:15829", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15829" - }, - { - "name" : "google-chrome-cve20122889(78823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka \"Universal XSS (UXSS).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5642", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5642" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" + }, + { + "name": "APPLE-SA-2013-03-14-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:15829", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15829" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=143439", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=143439" + 
}, + { + "name": "google-chrome-cve20122889(78823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78823" + }, + { + "name": "APPLE-SA-2013-01-28-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" + }, + { + "name": "openSUSE-SU-2012:1376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3115.json b/2012/3xxx/CVE-2012-3115.json index b91c474d0dc..18301025280 100644 --- a/2012/3xxx/CVE-2012-3115.json +++ b/2012/3xxx/CVE-2012-3115.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Install." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54520" - }, - { - "name" : "83913", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83913" - }, - { - "name" : "1027264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027264" - }, - { - "name" : "fusionmiddleware-mvi-cve20123115(76997)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Install." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54520" + }, + { + "name": "1027264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027264" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "fusionmiddleware-mvi-cve20123115(76997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76997" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "83913", + "refsource": "OSVDB", + "url": "http://osvdb.org/83913" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3402.json b/2012/3xxx/CVE-2012-3402.json index a491a1f6df0..f1633ec6988 100644 --- a/2012/3xxx/CVE-2012-3402.json +++ b/2012/3xxx/CVE-2012-3402.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120820 The Gimp PSD plug-in CVE-2012-3402 issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/20/6" - }, - { - "name" : "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=838941", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=838941" - }, - { - "name" : "GLSA-201209-23", - "refsource" : "GENTOO", - "url" 
: "http://security.gentoo.org/glsa/glsa-201209-23.xml" - }, - { - "name" : "RHSA-2012:1181", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1181.html" - }, - { - "name" : "1027411", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027411" - }, - { - "name" : "50737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120820 The Gimp PSD plug-in CVE-2012-3402 issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/20/6" + }, + { + "name": "GLSA-201209-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" + }, + { + "name": "1027411", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027411" + }, + { + "name": "RHSA-2012:1181", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html" + }, + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff" + }, + { + "name": "50737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50737" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=838941", + "refsource": 
"MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838941" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3419.json b/2012/3xxx/CVE-2012-3419.json index 99df1cd7dc7..640eced9886 100644 --- a/2012/3xxx/CVE-2012-3419.json +++ b/2012/3xxx/CVE-2012-3419.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120816 pcp: Multiple security flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/16/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=841702", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=841702" - }, - { - "name" : "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6", - "refsource" : "CONFIRM", - "url" : "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6" - }, - { - "name" : "DSA-2533", - "refsource" : 
"DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2533" - }, - { - "name" : "FEDORA-2012-12024", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html" - }, - { - "name" : "FEDORA-2012-12076", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html" - }, - { - "name" : "openSUSE-SU-2012:1079", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15540133" - }, - { - "name" : "openSUSE-SU-2012:1081", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15540172" - }, - { - "name" : "openSUSE-SU-2012:1036", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15471040" - }, - { - "name" : "SUSE-SU-2013:0190", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6", + "refsource": "CONFIRM", + "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6" + }, + { + "name": "openSUSE-SU-2012:1079", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15540133" + }, + { + "name": "openSUSE-SU-2012:1081", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15540172" + }, + { + "name": "[oss-security] 20120816 pcp: Multiple security flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1" + }, + { + "name": "FEDORA-2012-12076", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html" + }, + { + "name": "openSUSE-SU-2012:1036", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15471040" + }, + { + "name": "FEDORA-2012-12024", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html" + }, + { + "name": "SUSE-SU-2013:0190", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841702", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702" + }, + { + "name": "DSA-2533", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2533" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3552.json b/2012/3xxx/CVE-2012-3552.json index df46597e8ef..6f0a647eee5 100644 
--- a/2012/3xxx/CVE-2012-3552.json +++ b/2012/3xxx/CVE-2012-3552.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/11" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6d8bd051c391c1c0458a30b2a7abcd939329259", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6d8bd051c391c1c0458a30b2a7abcd939329259" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=853465", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=853465" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259" - }, - { - "name" : "RHSA-2012:1540", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1540.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1540", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1540.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6d8bd051c391c1c0458a30b2a7abcd939329259", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6d8bd051c391c1c0458a30b2a7abcd939329259" + }, + { + "name": "[oss-security] 20120831 Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/11" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=853465", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853465" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4001.json b/2012/4xxx/CVE-2012-4001.json index d3196af9ce0..547d05d82a2 100644 --- a/2012/4xxx/CVE-2012-4001.json +++ b/2012/4xxx/CVE-2012-4001.json 
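Review bot: The `ASSIGNER` value for CVE-2012-3552 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other changed line in it is either the `"key" :` to `"key":` spacing change or a reordering of the same six `reference_data` entries. A change to the record's provenance is easy to miss inside an 87-line reformat, so it would be better carried in its own commit, or at least named in the commit message, which is not visible here. That lets consumers who key trust or triage routing on the assigning CNA audit it. The other hunks in this part of the diff leave `ASSIGNER` unchanged. The new side also ends with `\ No newline at end of file`, here and in the hunks that follow, and keeping the trailing newline would avoid that extra churn.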
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001", - "refsource" : "CONFIRM", - "url" : "https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001" - }, - { - "name" : "https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6", - "refsource" : "CONFIRM", - "url" : "https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, 
which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001", + "refsource": "CONFIRM", + "url": "https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001" + }, + { + "name": "https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6", + "refsource": "CONFIRM", + "url": "https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4044.json b/2012/4xxx/CVE-2012-4044.json index 2cf5705900e..353d1442464 100644 --- a/2012/4xxx/CVE-2012-4044.json +++ b/2012/4xxx/CVE-2012-4044.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4044", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4044", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4181.json b/2012/4xxx/CVE-2012-4181.json index b3a545cc446..b4765279b68 100644 --- a/2012/4xxx/CVE-2012-4181.json +++ b/2012/4xxx/CVE-2012-4181.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=786111", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=786111" - }, - { - "name" : "MDVSA-2012:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" - }, - { - "name" : "RHSA-2012:1351", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2012-1351.html" - }, - { - "name" : "SUSE-SU-2012:1351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "56130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56130" - }, - { - "name" : "86100", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86100" - }, - { - "name" : "oval:org.mitre.oval:def:16523", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16523" - }, - { - "name" : "50856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50856" - }, - { - "name" : "50892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50892" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50935" - }, - { - "name" : "50936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50936" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - }, - { - "name" : "firefox-nssmilanimationcontroller-code-exec(79159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via 
unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50935" + }, + { + "name": "86100", + "refsource": "OSVDB", + "url": "http://osvdb.org/86100" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=786111", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=786111" + }, + { + "name": "50856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50856" + }, + { + "name": "50892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50892" + }, + { + "name": "RHSA-2012:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html" + }, + { + "name": "oval:org.mitre.oval:def:16523", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16523" + }, + { + "name": "50936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50936" + }, + { + "name": "56130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56130" + }, + { + "name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + { + "name": "SUSE-SU-2012:1351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" + }, + { + "name": "MDVSA-2012:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" + }, + { + "name": "firefox-nssmilanimationcontroller-code-exec(79159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79159" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-1611-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4299.json b/2012/4xxx/CVE-2012-4299.json index 521073fea96..25443db4f5a 100644 --- a/2012/4xxx/CVE-2012-4299.json +++ b/2012/4xxx/CVE-2012-4299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4901.json b/2012/4xxx/CVE-2012-4901.json index aa02c60a425..d72a1d91232 100644 --- a/2012/4xxx/CVE-2012-4901.json +++ b/2012/4xxx/CVE-2012-4901.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21742", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/21742/" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23115", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23115" - }, - { - "name" : "55766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55766" - }, - { - "name" : "85895", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject 
arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "85895", + "refsource": "OSVDB", + "url": "http://osvdb.org/85895" + }, + { + "name": "55766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55766" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23115", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23115" + }, + { + "name": "21742", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/21742/" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6578.json b/2012/6xxx/CVE-2012-6578.json index 0a9155a189f..5c36ccd0174 100644 --- a/2012/6xxx/CVE-2012-6578.json +++ b/2012/6xxx/CVE-2012-6578.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a \"Sign by default\" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20121025 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a \"Sign by default\" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rt-announce] 20121025 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2790.json b/2017/2xxx/CVE-2017-2790.json index e4b6e835576..1647144a18b 100644 --- a/2017/2xxx/CVE-2017-2790.json +++ b/2017/2xxx/CVE-2017-2790.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Ichitaro", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "JustSystems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ichitaro", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "JustSystems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0197/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0197/" - }, - { - "name" : "96442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), 
JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96442" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0197/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0197/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2930.json b/2017/2xxx/CVE-2017-2930.json index 009e06b8ec4..5203f35156e 100644 --- a/2017/2xxx/CVE-2017-2930.json +++ b/2017/2xxx/CVE-2017-2930.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 24.0.0.186 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 24.0.0.186 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 24.0.0.186 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 24.0.0.186 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41008", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41008/" - }, - { - "name" : "41012", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41012/" - }, - { - "name" : "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html" - }, - { - "name" : "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/", - "refsource" : "MISC", - "url" : "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" - }, - { - "name" : "GLSA-201702-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-20" - }, - { - "name" : "RHSA-2017:0057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0057.html" - }, - { - "name" : "95350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95350" - }, - { - "name" : "1037570", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-20" + }, + { + "name": "41012", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41012/" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" + }, + { + "name": "RHSA-2017:0057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html" + }, + { + "name": "41008", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41008/" + }, + { + "name": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/", + "refsource": "MISC", + "url": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/" + }, + { + "name": "1037570", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037570" + }, + { + "name": "95350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95350" + }, + { + "name": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6160.json b/2017/6xxx/CVE-2017-6160.json index 68e38913022..c330fa2d187 100644 --- a/2017/6xxx/CVE-2017-6160.json +++ b/2017/6xxx/CVE-2017-6160.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-10-26T00:00:00", - "ID" : "CVE-2017-6160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP AAM, PEM", - "version" : { - "version_data" : [ - { - "version_value" : "12.0.0 - 12.1.1" - }, - { - "version_value" : "11.6.0 - 11.6.1" - }, - { - "version_value" : "11.4.1 - 11.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-10-26T00:00:00", + "ID": "CVE-2017-6160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP AAM, PEM", + "version": { + "version_data": [ + { + "version_value": "12.0.0 - 12.1.1" + }, + { + "version_value": "11.6.0 - 11.6.1" + }, + { + "version_value": "11.4.1 - 11.5.4" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K19430431", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K19430431" - }, - { - "name" : "101632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101632" - }, - { - "name" : "1039670", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K19430431", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K19430431" + }, + { + "name": "1039670", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039670" + }, + { + "name": "101632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101632" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6738.json b/2017/6xxx/CVE-2017-6738.json index 8f28be9427d..a06f096ab10 100644 --- a/2017/6xxx/CVE-2017-6738.json +++ b/2017/6xxx/CVE-2017-6738.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp" - }, - { - "name" : "99345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99345" - }, - { - "name" : "1038808", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. 
To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99345" + }, + { + "name": "1038808", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038808" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6799.json b/2017/6xxx/CVE-2017-6799.json index 8b98357d7f1..aa9a1013b7f 100644 --- a/2017/6xxx/CVE-2017-6799.json +++ b/2017/6xxx/CVE-2017-6799.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mantisbt.org/bugs/view.php?id=22497", - "refsource" : "CONFIRM", - "url" : "http://mantisbt.org/bugs/view.php?id=22497" - }, - { - "name" : "http://www.openwall.com/lists/oss-security/2017/03/10/1", - "refsource" : "CONFIRM", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/10/1" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95" - }, - { - "name" : "96819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mantisbt.org/bugs/view.php?id=22497", + "refsource": "CONFIRM", + "url": "http://mantisbt.org/bugs/view.php?id=22497" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/03/10/1", + "refsource": "CONFIRM", + "url": "http://www.openwall.com/lists/oss-security/2017/03/10/1" + }, + { + "name": "96819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96819" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6836.json b/2017/6xxx/CVE-2017-6836.json index 0581ba74191..606e516b352 100644 --- a/2017/6xxx/CVE-2017-6836.json +++ b/2017/6xxx/CVE-2017-6836.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/13/8" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/" - }, - { - "name" : "https://github.com/mpruett/audiofile/issues/40", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/issues/40" - }, - { - "name" : 
"https://github.com/mpruett/audiofile/pull/42", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/pull/42" - }, - { - "name" : "DSA-3814", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mpruett/audiofile/pull/42", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/pull/42" + }, + { + "name": "https://github.com/mpruett/audiofile/issues/40", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/issues/40" + }, + { + "name": "DSA-3814", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3814" + }, + { + "name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/13/8" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6911.json b/2017/6xxx/CVE-2017-6911.json index 6bbd3815038..d252c99d44f 100644 --- a/2017/6xxx/CVE-2017-6911.json +++ b/2017/6xxx/CVE-2017-6911.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170316 CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/540289/100/0/threaded" - }, - { - "name" : "20170316 USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Mar/43" - }, - { - "name" : "http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html" - }, - { - "name" : 
"96970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96970" + }, + { + "name": "http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html" + }, + { + "name": "20170316 USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Mar/43" + }, + { + "name": "20170316 CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/540289/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11048.json b/2018/11xxx/CVE-2018-11048.json index 642dab4d934..c3e680ffd5d 100644 --- a/2018/11xxx/CVE-2018-11048.json +++ b/2018/11xxx/CVE-2018-11048.json 
@@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-08-03T04:00:00.000Z", - "ID" : "CVE-2018-11048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Data Protection Advisor", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "6.2" - }, - { - "affected" : "=", - "version_value" : "6.3" - }, - { - "affected" : "<=", - "version_name" : "6.4", - "version_value" : "patch B180" - }, - { - "affected" : "<=", - "version_name" : "6.5", - "version_value" : "patch B58" - } - ] - } - }, - { - "product_name" : "Integrated Data Protection Appliance", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "2.0" - }, - { - "affected" : "=", - "version_value" : "2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-08-03T04:00:00.000Z", + "ID": "CVE-2018-11048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Data Protection Advisor", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "6.2" + }, + { + "affected": "=", + "version_value": "6.3" + }, + { + "affected": "<=", + "version_name": "6.4", + "version_value": "patch B180" + }, + { + "affected": "<=", + "version_name": "6.5", + "version_value": "patch B58" + } + ] + } + }, + { + "product_name": "Integrated Data Protection Appliance", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "2.0" + }, + { + "affected": "=", + "version_value": "2.1" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/5" - }, - { - "name" : "105130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105130" - }, - { - "name" : "1041417", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041417" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. 
An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML External Entity Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105130" + }, + { + "name": "20180803 DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/5" + }, + { + "name": "1041417", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041417" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11507.json b/2018/11xxx/CVE-2018-11507.json index 92e4ee92323..22df192f40c 100644 --- a/2018/11xxx/CVE-2018-11507.json +++ b/2018/11xxx/CVE-2018-11507.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11507",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11507",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/FLIF-hub/FLIF/issues/509",
- "refsource" : "MISC",
- "url" : "https://github.com/FLIF-hub/FLIF/issues/509"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/FLIF-hub/FLIF/issues/509",
+ "refsource": "MISC",
+ "url": "https://github.com/FLIF-hub/FLIF/issues/509"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11640.json b/2018/11xxx/CVE-2018-11640.json
index 77e1e1b7657..b62910a9038 100644
--- a/2018/11xxx/CVE-2018-11640.json
+++ b/2018/11xxx/CVE-2018-11640.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11640",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11640",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://d3adend.org/blog/?p=1398",
- "refsource" : "MISC",
- "url" : "https://d3adend.org/blog/?p=1398"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://d3adend.org/blog/?p=1398",
+ "refsource": "MISC",
+ "url": "https://d3adend.org/blog/?p=1398"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11648.json b/2018/11xxx/CVE-2018-11648.json
index 24e4b2dbbcf..0baf053c466 100644
--- a/2018/11xxx/CVE-2018-11648.json
+++ b/2018/11xxx/CVE-2018-11648.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11648",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11648",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14447.json b/2018/14xxx/CVE-2018-14447.json
index a3ac61cb92e..65e28e37e17 100644
--- a/2018/14xxx/CVE-2018-14447.json
+++ b/2018/14xxx/CVE-2018-14447.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14447",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14447",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180818 [SECURITY] [DLA 1470-1] confuse security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00017.html"
- },
- {
- "name" : "http://hac425.unaux.com/index.php/archives/64/",
- "refsource" : "MISC",
- "url" : "http://hac425.unaux.com/index.php/archives/64/"
- },
- {
- "name" : "https://github.com/martinh/libconfuse/issues/109",
- "refsource" : "MISC",
- "url" : "https://github.com/martinh/libconfuse/issues/109"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://hac425.unaux.com/index.php/archives/64/",
+ "refsource": "MISC",
+ "url": "http://hac425.unaux.com/index.php/archives/64/"
+ },
+ {
+ "name": "[debian-lts-announce] 20180818 [SECURITY] [DLA 1470-1] confuse security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00017.html"
+ },
+ {
+ "name": "https://github.com/martinh/libconfuse/issues/109",
+ "refsource": "MISC",
+ "url": "https://github.com/martinh/libconfuse/issues/109"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14939.json b/2018/14xxx/CVE-2018-14939.json
index db374a2e86e..c681b2046dc 100644
--- a/2018/14xxx/CVE-2018-14939.json
+++ b/2018/14xxx/CVE-2018-14939.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.documentfoundation.org/show_bug.cgi?id=118514", - "refsource" : "MISC", - "url" : "https://bugs.documentfoundation.org/show_bug.cgi?id=118514" - }, - { - "name" : "105047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_app_path function in desktop/unx/source/start.c in LibreOffice through 
6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105047" + }, + { + "name": "https://bugs.documentfoundation.org/show_bug.cgi?id=118514", + "refsource": "MISC", + "url": "https://bugs.documentfoundation.org/show_bug.cgi?id=118514" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15572.json b/2018/15xxx/CVE-2018-15572.json index 12f45d7609d..aa06b941cf6 100644 --- a/2018/15xxx/CVE-2018-15572.json +++ b/2018/15xxx/CVE-2018-15572.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346" - }, - { - "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1", - "refsource" : "MISC", - "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/fdf82a7856b32d905c39afc85e34364491e46346", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/fdf82a7856b32d905c39afc85e34364491e46346" - }, - { - "name" : "DSA-4308", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4308" - }, - { - "name" : "USN-3775-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3775-2/" - }, - { - "name" : "USN-3776-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3776-1/" - }, - { - "name" : "USN-3776-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3776-2/" - }, - { - "name" : "USN-3777-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-1/" - }, - { - "name" : "USN-3777-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-2/" - }, - { - "name" : "USN-3775-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3775-1/" - }, - { - "name" : "USN-3777-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-3/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346" + }, + { + "name": "USN-3776-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3776-1/" + }, + { + "name": "USN-3776-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3776-2/" + }, + { + "name": "USN-3777-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-1/" + }, + { + "name": "https://github.com/torvalds/linux/commit/fdf82a7856b32d905c39afc85e34364491e46346", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/fdf82a7856b32d905c39afc85e34364491e46346" + }, + { + "name": "USN-3775-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3775-1/" + }, + { + "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" + }, + { + "name": "DSA-4308", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4308" + }, + { + "name": "USN-3775-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3775-2/" + }, + { + "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1", + "refsource": "MISC", + "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1" + }, + { + "name": "USN-3777-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-2/" + }, + { + "name": "USN-3777-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-3/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/15xxx/CVE-2018-15718.json b/2018/15xxx/CVE-2018-15718.json
index 78e020da002..8736fe6bbc8 100644
--- a/2018/15xxx/CVE-2018-15718.json
+++ b/2018/15xxx/CVE-2018-15718.json
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-12-12T00:00:00", - "ID" : "CVE-2018-15718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Open Dental", - "version" : { - "version_data" : [ - { - "version_value" : "18.3 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Open Dental" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200 Information Exposure" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-12-12T00:00:00", + "ID": "CVE-2018-15718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Dental", + "version": { + "version_data": [ + { + "version_value": "18.3 and below" + } + ] + } + } + ] + }, + "vendor_name": "Open Dental" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-44", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-44" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. 
This allows the attacker to gain access to usernames, password hashes, privilege levels, and more." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-44", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-44" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15803.json b/2018/15xxx/CVE-2018-15803.json index 20c052464de..710ef3d5caa 100644 --- a/2018/15xxx/CVE-2018-15803.json +++ b/2018/15xxx/CVE-2018-15803.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15803", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15803", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15812.json b/2018/15xxx/CVE-2018-15812.json index 55e42036925..3e80ffb0bef 100644 --- a/2018/15xxx/CVE-2018-15812.json +++ b/2018/15xxx/CVE-2018-15812.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15812", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15812", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15932.json b/2018/15xxx/CVE-2018-15932.json index 9ae946a0c8e..04fb11d2f63 100644 --- a/2018/15xxx/CVE-2018-15932.json +++ b/2018/15xxx/CVE-2018-15932.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105439" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105439" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20131.json b/2018/20xxx/CVE-2018-20131.json index 389b5c7280f..ba11f36c59e 100644 --- a/2018/20xxx/CVE-2018-20131.json +++ b/2018/20xxx/CVE-2018-20131.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories/Permissions_vulnerability_in_Code42_app_on_Linux", - "refsource" : "MISC", - "url" : "https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories/Permissions_vulnerability_in_Code42_app_on_Linux" - }, - { - "name" : "106452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories/Permissions_vulnerability_in_Code42_app_on_Linux", + "refsource": "MISC", + "url": "https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories/Permissions_vulnerability_in_Code42_app_on_Linux" + }, + { + "name": "106452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106452" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20286.json b/2018/20xxx/CVE-2018-20286.json index b67ac47308d..6454b6bf5be 100644 --- a/2018/20xxx/CVE-2018-20286.json +++ b/2018/20xxx/CVE-2018-20286.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20286", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20286", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20431.json b/2018/20xxx/CVE-2018-20431.json index 452d84b9825..06373ea72fc 100644 --- a/2018/20xxx/CVE-2018-20431.json +++ b/2018/20xxx/CVE-2018-20431.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html" - }, - { - "name" : "https://gnunet.org/bugs/view.php?id=5494", - "refsource" : "MISC", - "url" : "https://gnunet.org/bugs/view.php?id=5494" - }, - { - "name" : "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7", - "refsource" : "MISC", - "url" : "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7" - }, - { - "name" : "https://gnunet.org/git/libextractor.git/tree/ChangeLog", - "refsource" : "MISC", - "url" : "https://gnunet.org/git/libextractor.git/tree/ChangeLog" - }, - { - "name" : "DSA-4361", - "refsource" 
: "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4361" - }, - { - "name" : "106300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gnunet.org/bugs/view.php?id=5494", + "refsource": "MISC", + "url": "https://gnunet.org/bugs/view.php?id=5494" + }, + { + "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html" + }, + { + "name": "DSA-4361", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4361" + }, + { + "name": "https://gnunet.org/git/libextractor.git/tree/ChangeLog", + "refsource": "MISC", + "url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog" + }, + { + "name": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7", + "refsource": "MISC", + "url": "https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7" + }, + { + "name": "106300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106300" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20573.json b/2018/20xxx/CVE-2018-20573.json index 2af3dc8a22a..89528515b1d 100644 --- a/2018/20xxx/CVE-2018-20573.json +++ b/2018/20xxx/CVE-2018-20573.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jbeder/yaml-cpp/issues/655", - "refsource" : "MISC", - "url" : "https://github.com/jbeder/yaml-cpp/issues/655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jbeder/yaml-cpp/issues/655", + "refsource": "MISC", + "url": "https://github.com/jbeder/yaml-cpp/issues/655" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9874.json b/2018/9xxx/CVE-2018-9874.json index b760ba9be16..ffbf96fa08f 100644 --- a/2018/9xxx/CVE-2018-9874.json +++ b/2018/9xxx/CVE-2018-9874.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9874", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9874", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file