From 5e737929fe612028e473c70200358298c7c4b6aa Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:36:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0287.json | 150 ++++----- 2002/0xxx/CVE-2002-0362.json | 140 ++++----- 2002/0xxx/CVE-2002-0380.json | 220 +++++++------- 2002/0xxx/CVE-2002-0639.json | 260 ++++++++-------- 2002/0xxx/CVE-2002-0700.json | 150 ++++----- 2002/1xxx/CVE-2002-1332.json | 34 +-- 2002/1xxx/CVE-2002-1344.json | 280 ++++++++--------- 2002/1xxx/CVE-2002-1416.json | 140 ++++----- 2002/1xxx/CVE-2002-1837.json | 150 ++++----- 2002/2xxx/CVE-2002-2147.json | 34 +-- 2002/2xxx/CVE-2002-2386.json | 140 ++++----- 2005/0xxx/CVE-2005-0035.json | 180 +++++------ 2005/1xxx/CVE-2005-1020.json | 190 ++++++------ 2005/1xxx/CVE-2005-1267.json | 210 ++++++------- 2009/0xxx/CVE-2009-0783.json | 540 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1586.json | 210 ++++++------- 2009/1xxx/CVE-2009-1689.json | 250 +++++++-------- 2009/5xxx/CVE-2009-5130.json | 120 ++++---- 2012/0xxx/CVE-2012-0594.json | 220 +++++++------- 2012/0xxx/CVE-2012-0612.json | 220 +++++++------- 2012/2xxx/CVE-2012-2251.json | 180 +++++------ 2012/2xxx/CVE-2012-2518.json | 34 +-- 2012/3xxx/CVE-2012-3340.json | 34 +-- 2012/3xxx/CVE-2012-3577.json | 170 +++++------ 2012/3xxx/CVE-2012-3584.json | 34 +-- 2012/3xxx/CVE-2012-3805.json | 160 +++++----- 2012/4xxx/CVE-2012-4524.json | 34 +-- 2012/4xxx/CVE-2012-4606.json | 34 +-- 2012/4xxx/CVE-2012-4609.json | 120 ++++---- 2012/4xxx/CVE-2012-4754.json | 130 ++++---- 2012/4xxx/CVE-2012-4907.json | 130 ++++---- 2017/2xxx/CVE-2017-2029.json | 34 +-- 2017/2xxx/CVE-2017-2745.json | 122 ++++---- 2017/2xxx/CVE-2017-2788.json | 130 ++++---- 2017/6xxx/CVE-2017-6167.json | 138 ++++----- 2017/6xxx/CVE-2017-6661.json | 150 ++++----- 2017/6xxx/CVE-2017-6759.json | 140 ++++----- 2018/11xxx/CVE-2018-11103.json | 34 +-- 2018/11xxx/CVE-2018-11979.json | 34 +-- 2018/14xxx/CVE-2018-14153.json | 34 +-- 2018/14xxx/CVE-2018-14553.json | 34 +-- 2018/14xxx/CVE-2018-14599.json | 210 ++++++------- 2018/14xxx/CVE-2018-14875.json | 34 +-- 2018/15xxx/CVE-2018-15082.json | 34 +-- 2018/15xxx/CVE-2018-15543.json | 120 ++++---- 2018/15xxx/CVE-2018-15569.json | 120 ++++---- 2018/20xxx/CVE-2018-20201.json | 120 ++++---- 2018/20xxx/CVE-2018-20650.json | 150 ++++----- 2018/9xxx/CVE-2018-9121.json | 130 ++++---- 49 files changed, 3333 insertions(+), 3333 deletions(-) diff --git a/2002/0xxx/CVE-2002-0287.json b/2002/0xxx/CVE-2002-0287.json index bea8b94f2d5..01b81b9692e 100644 --- a/2002/0xxx/CVE-2002-0287.json +++ b/2002/0xxx/CVE-2002-0287.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020216 pforum: mysql-injection-bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101389284625019&w=2" - }, - { - "name" : "http://www.powie.de/news/index.php", - "refsource" : "CONFIRM", - "url" : "http://www.powie.de/news/index.php" - }, - { - "name" : "4114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4114" - }, - { - "name" : "pforum-quotes-sql-injection(8203)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8203.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020216 pforum: mysql-injection-bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101389284625019&w=2" + }, + { + "name": "pforum-quotes-sql-injection(8203)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8203.php" + }, + { + "name": "http://www.powie.de/news/index.php", + "refsource": "CONFIRM", + "url": "http://www.powie.de/news/index.php" + }, + { + "name": "4114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4114" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0362.json b/2002/0xxx/CVE-2002-0362.json index 6bff34529c6..c6d3e27131a 100644 --- a/2002/0xxx/CVE-2002-0362.json +++ b/2002/0xxx/CVE-2002-0362.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020506 w00w00 on AOL Instant Messenger remote overflow #2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102071080509955&w=2" - }, - { - "name" : "4677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4677" - }, - { - "name" : "aim-addexternalapp-bo(9017)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9017.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aim-addexternalapp-bo(9017)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9017.php" + }, + { + "name": "20020506 w00w00 on AOL Instant Messenger remote overflow #2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102071080509955&w=2" + }, + { + "name": "4677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4677" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0380.json b/2002/0xxx/CVE-2002-0380.json index 77e0de1e5be..e25efa9ced4 100644 --- a/2002/0xxx/CVE-2002-0380.json +++ b/2002/0xxx/CVE-2002-0380.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2002:094", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-094.html" - }, - { - "name" : "RHSA-2002:121", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-121.html" - }, - { - "name" : "RHSA-2003:214", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-214.html" - }, - { - "name" : "FreeBSD-SA-02:29", - "refsource" : "FREEBSD", - "url" : "http://marc.info/?l=bugtraq&m=102650721503642&w=2" - }, - { - "name" : "CLA-2002:491", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491" - }, - { - "name" : "CSSA-2002-025.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt" - }, - { - "name" : "DSA-255", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-255" - }, - { - "name" : "20020606 TSLSA-2002-0055 - tcpdump", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102339541014226&w=2" - }, - { - "name" : "tcpdump-nfs-bo(9216)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9216.php" - }, - { - "name" : "4890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4890" - }, - { - "name" : "HPSBTL0205-044", - "refsource" : "HP", - "url" : "http://online.securityfocus.com/advisories/4169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-2002-025.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt" + }, + { + "name": "RHSA-2002:121", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-121.html" + }, + { + "name": "4890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4890" + }, + { + "name": "FreeBSD-SA-02:29", + "refsource": "FREEBSD", + "url": "http://marc.info/?l=bugtraq&m=102650721503642&w=2" + }, + { + "name": "tcpdump-nfs-bo(9216)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9216.php" + }, + { + "name": "RHSA-2003:214", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-214.html" + }, + { + "name": "DSA-255", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-255" + }, + { + "name": "20020606 TSLSA-2002-0055 - tcpdump", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102339541014226&w=2" + }, + { + "name": "CLA-2002:491", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491" + }, + { + "name": "RHSA-2002:094", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-094.html" + }, + { + "name": "HPSBTL0205-044", + "refsource": "HP", + "url": "http://online.securityfocus.com/advisories/4169" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0639.json b/2002/0xxx/CVE-2002-0639.json index bc79ed8c58c..d7a2498309a 100644 --- a/2002/0xxx/CVE-2002-0639.json +++ b/2002/0xxx/CVE-2002-0639.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020626 OpenSSH Security Advisory (adv.iss)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102514371522793&w=2" - }, - { - "name" : "20020626 Revised OpenSSH Security Advisory (adv.iss)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102514631524575&w=2" - }, - { - "name" : "20020627 How to reproduce OpenSSH Overflow.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102521542826833&w=2" - }, - { - "name" : "VU#369347", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/369347" - }, - { - "name" : "CA-2002-18", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-18.html" - }, - { - "name" : "DSA-134", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-134" - }, - { - "name" : "HPSBUX0206-195", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195" - }, - { - "name" : "CSSA-2002-030.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt" - }, - { - "name" : "20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html" - }, - { - "name" : "CLA-2002:502", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502" - }, - { - "name" : "ESA-20020702-016", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/other_advisory-2177.html" - }, - { - "name" : "MDKSA-2002:040", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040" - }, - { - "name" : "5093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5093" - }, - { - "name" : "openssh-challenge-response-bo(9169)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9169.php" - }, - { - "name" : "6245", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-134", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-134" + }, + { + "name": "openssh-challenge-response-bo(9169)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9169.php" + }, + { + "name": "20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html" + }, + { + "name": "20020626 OpenSSH Security Advisory (adv.iss)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102514371522793&w=2" + }, + { + "name": "6245", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6245" + }, + { + "name": "CA-2002-18", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-18.html" + }, + { + "name": "20020627 How to reproduce OpenSSH Overflow.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102521542826833&w=2" + }, + { + "name": "5093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5093" + }, + { + "name": "CSSA-2002-030.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt" + }, + { + "name": "ESA-20020702-016", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/other_advisory-2177.html" + }, + { + "name": "VU#369347", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/369347" + }, + { + "name": "CLA-2002:502", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502" + }, + { + "name": "HPSBUX0206-195", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195" + }, + { + "name": "MDKSA-2002:040", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040" + }, + { + "name": "20020626 Revised OpenSSH Security Advisory (adv.iss)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102514631524575&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0700.json b/2002/0xxx/CVE-2002-0700.json index 202195a8731..53821172213 100644 --- a/2002/0xxx/CVE-2002-0700.json +++ b/2002/0xxx/CVE-2002-0700.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka \"Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041" - }, - { - "name" : "mcms-authentication-bo(9783)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9783.php" - }, - { - "name" : "5420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5420" - }, - { - "name" : "4862", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka \"Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mcms-authentication-bo(9783)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9783.php" + }, + { + "name": "5420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5420" + }, + { + "name": "MS02-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041" + }, + { + "name": "4862", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4862" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1332.json b/2002/1xxx/CVE-2002-1332.json index fce10559aea..6d7f1bd1156 100644 --- a/2002/1xxx/CVE-2002-1332.json +++ b/2002/1xxx/CVE-2002-1332.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1332", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1332", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1344.json b/2002/1xxx/CVE-2002-1344.json index 07fc2165b06..bdd6af0b92e 100644 --- a/2002/1xxx/CVE-2002-1344.json +++ b/2002/1xxx/CVE-2002-1344.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021211 Directory Traversal Vulnerabilities in FTP Clients", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103962838628940&w=2" - }, - { - "name" : "20021210 Directory Traversal Vulnerabilities in FTP Clients", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html" - }, - { - "name" : "CSSA-2003.003.0", - "refsource" : "CALDERA", - "url" : "http://www.securityfocus.com/archive/1/307045/30/26300/threaded" - }, - { - "name" : "CLA-2002:552", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552" - }, - { - "name" : "CLSA-2002:552", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552" - }, - { - "name" : "DSA-209", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2002/dsa-209" - }, - { - "name" : "MDKSA-2002:086", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php" - }, - { - "name" : "OpenPKG-SA-2003.007", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.007.html" - }, - { - "name" : "RHSA-2002:229", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-229.html" - }, - { - "name" : "RHSA-2002:256", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-256.html" - }, - { - "name" : "CSSA-2003-003.0", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt" - }, - { - "name" : "20021219 TSLSA-2002-0089 - wget", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104033016703851&w=2" - }, - { - "name" : "N-022", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-022.shtml" - }, - { - "name" : "VU#210148", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210148" - }, - { - "name" : "6352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6352" - }, - { - "name" : "6360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6360" - }, - { - "name" : "wget-ftp-filename-traversal(10820)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10820.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLSA-2002:552", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552" + }, + { + "name": "CSSA-2003-003.0", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt" + }, + { + "name": "DSA-209", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2002/dsa-209" + }, + { + "name": "20021219 TSLSA-2002-0089 - wget", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104033016703851&w=2" + }, + { + "name": "N-022", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-022.shtml" + }, + { + "name": "6360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6360" + }, + { + "name": "RHSA-2002:256", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-256.html" + }, + { + "name": "MDKSA-2002:086", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php" + }, + { + "name": "20021211 Directory Traversal Vulnerabilities in FTP Clients", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103962838628940&w=2" + }, + { + "name": "CLA-2002:552", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552" + }, + { + "name": "RHSA-2002:229", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-229.html" + }, + { + "name": "CSSA-2003.003.0", + "refsource": "CALDERA", + "url": "http://www.securityfocus.com/archive/1/307045/30/26300/threaded" + }, + { + "name": "20021210 Directory Traversal Vulnerabilities in FTP Clients", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html" + }, + { + "name": "6352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6352" + }, + { + "name": "VU#210148", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210148" + }, + { + "name": "wget-ftp-filename-traversal(10820)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10820.php" + }, + { + "name": "OpenPKG-SA-2003.007", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.007.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1416.json b/2002/1xxx/CVE-2002-1416.json index 59869253273..6523be1304f 100644 --- a/2002/1xxx/CVE-2002-1416.json +++ b/2002/1xxx/CVE-2002-1416.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020820 Advisory: DoS in WebEasyMail +more possible?", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/288222" - }, - { - "name" : "webeasymail-pop3-bruteforce(9925)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9925.php" - }, - { - "name" : "5519", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020820 Advisory: DoS in WebEasyMail +more possible?", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/288222" + }, + { + "name": "webeasymail-pop3-bruteforce(9925)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9925.php" + }, + { + "name": "5519", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5519" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1837.json b/2002/1xxx/CVE-2002-1837.json index 4471f5ebec9..4c21722cefb 100644 --- a/2002/1xxx/CVE-2002-1837.json +++ b/2002/1xxx/CVE-2002-1837.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via \"..\" sequences in the album parameter, which generates different error messages depending on whether the directory exists or not." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020528 Information Disclosure Vulnerability in IDS 0.8x", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/274433" - }, - { - "name" : "http://ids.sourceforge.net/ChangeLog.html", - "refsource" : "CONFIRM", - "url" : "http://ids.sourceforge.net/ChangeLog.html" - }, - { - "name" : "4870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4870" - }, - { - "name" : "ids-dir-existence(9201)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9201.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via \"..\" sequences in the album parameter, which generates different error messages depending on whether the directory exists or not." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ids-dir-existence(9201)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9201.php" + }, + { + "name": "20020528 Information Disclosure Vulnerability in IDS 0.8x", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/274433" + }, + { + "name": "http://ids.sourceforge.net/ChangeLog.html", + "refsource": "CONFIRM", + "url": "http://ids.sourceforge.net/ChangeLog.html" + }, + { + "name": "4870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4870" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2147.json b/2002/2xxx/CVE-2002-2147.json index f66b4e8da29..d537465f5a0 100644 --- a/2002/2xxx/CVE-2002-2147.json +++ b/2002/2xxx/CVE-2002-2147.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2147", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1828. Reason: This candidate is a duplicate of CVE-2002-1828. Notes: All CVE users should reference CVE-2002-1828 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-2147", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1828. Reason: This candidate is a duplicate of CVE-2002-1828. Notes: All CVE users should reference CVE-2002-1828 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2386.json b/2002/2xxx/CVE-2002-2386.json index a197d390696..b703ca3312c 100644 --- a/2002/2xxx/CVE-2002-2386.json +++ b/2002/2xxx/CVE-2002-2386.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021110 xoops Quizz Module IMG bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0131.html" - }, - { - "name" : "http://www.blocus-zone.com/modules/news/article.php?storyid=180", - "refsource" : "MISC", - "url" : "http://www.blocus-zone.com/modules/news/article.php?storyid=180" - }, - { - "name" : "xoops-quiz-module-xss(10594)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10594.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.blocus-zone.com/modules/news/article.php?storyid=180", + "refsource": "MISC", + "url": "http://www.blocus-zone.com/modules/news/article.php?storyid=180" + }, + { + "name": "20021110 xoops Quizz Module IMG bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0131.html" + }, + { + "name": "xoops-quiz-module-xss(10594)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10594.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0035.json b/2005/0xxx/CVE-2005-0035.json index 606d19ef697..3c5397b9335 100644 --- a/2005/0xxx/CVE-2005-0035.json +++ b/2005/0xxx/CVE-2005-0035.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hyperdose.com/advisories/H2005-06.txt", - "refsource" : "MISC", - "url" : "http://www.hyperdose.com/advisories/H2005-06.txt" - }, - { - "name" : "http://www.adobe.com/support/techdocs/331465.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/techdocs/331465.html" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf" - }, - { - "name" : "12989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12989" - }, - { - "name" : "ADV-2005-0310", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0310" - }, - { - "name" : "15242", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15242" - }, - { - "name" : "14813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14813" + }, + { + "name": "http://www.adobe.com/support/techdocs/331465.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/techdocs/331465.html" + }, + { + "name": "12989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12989" + }, + { + "name": "15242", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15242" + }, + { + "name": "http://www.hyperdose.com/advisories/H2005-06.txt", + "refsource": "MISC", + "url": "http://www.hyperdose.com/advisories/H2005-06.txt" + }, + { + "name": "ADV-2005-0310", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0310" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1020.json b/2005/1xxx/CVE-2005-1020.json index c26bfef7fd9..c89041a1cd7 100644 --- a/2005/1xxx/CVE-2005-1020.json +++ b/2005/1xxx/CVE-2005-1020.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050406 Vulnerabilities in Cisco IOS Secure Shell Server", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml" - }, - { - "name" : "13043", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13043" - }, - { - "name" : "oval:org.mitre.oval:def:5455", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5455" - }, - { - "name" : "1013655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Apr/1013655.html" - }, - { - "name" : "14854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14854" - }, - { - "name" : "cisco-ios-sshv2-tacacs-authentication-dos(19987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19987" - }, - { - "name" : "cisco-ios-authentication-send-dos(19989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19989" - }, - { - "name" : "cisco-ios-ssh-message-log-dos(19990)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Apr/1013655.html" + }, + { + "name": "13043", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13043" + }, + { + "name": "cisco-ios-sshv2-tacacs-authentication-dos(19987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19987" + }, + { + "name": "cisco-ios-authentication-send-dos(19989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19989" + }, + { + "name": "14854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14854" + }, + { + "name": "cisco-ios-ssh-message-log-dos(19990)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19990" + }, + { + "name": "20050406 Vulnerabilities in Cisco IOS Secure Shell Server", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml" + }, + { + "name": "oval:org.mitre.oval:def:5455", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5455" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1267.json b/2005/1xxx/CVE-2005-1267.json index 958aa854fb0..7fb73be2de2 100644 --- a/2005/1xxx/CVE-2005-1267.json +++ b/2005/1xxx/CVE-2005-1267.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208" - }, - { - "name" : "DSA-854", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-854" - }, - { - "name" : "FEDORA-2005-406", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html" - }, - { - "name" : "FLSA:156139", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/430292/100/0/threaded" - }, - { - "name" : "RHSA-2005:505", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-505.html" - }, - { - "name" : "2005-0028", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0028/" - }, - { - "name" : "13906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13906" - }, - { - "name" : "oval:org.mitre.oval:def:11148", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11148" - }, - { - "name" : "15634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15634/" - }, - { - "name" : "17118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13906" + }, + { + "name": "17118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17118" + }, + { + "name": "2005-0028", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0028/" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208" + }, + { + "name": "15634", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15634/" + }, + { + "name": "RHSA-2005:505", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-505.html" + }, + { + "name": "oval:org.mitre.oval:def:11148", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11148" + }, + { + "name": "FEDORA-2005-406", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html" + }, + { + "name": "FLSA:156139", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/430292/100/0/threaded" + }, + { + "name": "DSA-854", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-854" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0783.json b/2009/0xxx/CVE-2009-0783.json index 42751a5b6dc..747857d2e6a 100644 --- a/2009/0xxx/CVE-2009-0783.json +++ b/2009/0xxx/CVE-2009-0783.json @@ -1,272 +1,272 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504090/100/0/threaded" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://svn.apache.org/viewvc?rev=652592&view=rev", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?rev=652592&view=rev" - }, - { - "name" : "http://svn.apache.org/viewvc?rev=681156&view=rev", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?rev=681156&view=rev" - }, - { - "name" : "http://svn.apache.org/viewvc?rev=739522&view=rev", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?rev=739522&view=rev" - }, - { - "name" : "http://svn.apache.org/viewvc?rev=781542&view=rev", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?rev=781542&view=rev" - }, - { - "name" : "http://svn.apache.org/viewvc?rev=781708&view=rev", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?rev=781708&view=rev" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936" - }, - { - "name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "DSA-2207", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2207" - }, - { - "name" : "FEDORA-2009-11352", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" - }, - { - "name" : "FEDORA-2009-11356", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" - }, - { - "name" : "FEDORA-2009-11374", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" - }, - { - "name" : "HPSBUX02579", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2" - }, - { - "name" : "SSRT100203", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2" - }, - { - "name" : "HPSBUX02860", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "SSRT101146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "HPSBMA02535", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2" - }, - { - "name" : "SSRT100029", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2" - }, - { - "name" : "MDVSA-2009:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" - }, - { - "name" : "MDVSA-2009:138", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" - }, - { - "name" : "MDVSA-2010:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" - }, - { - "name" : "263529", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "35416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35416" - }, - { - "name" : "oval:org.mitre.oval:def:10716", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716" - }, - { - "name" : "oval:org.mitre.oval:def:6450", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450" - }, - { - "name" : "oval:org.mitre.oval:def:18913", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913" - }, - { - "name" : "1022336", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022336" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "35788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35788" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "42368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42368" - }, - { - "name" : "ADV-2009-1856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1856" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "ADV-2010-3056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3056" - }, - { - "name" : "tomcat-xml-information-disclosure(51195)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "HPSBMA02535", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2" + }, + { + "name": "http://svn.apache.org/viewvc?rev=652592&view=rev", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?rev=652592&view=rev" + }, + { + "name": "MDVSA-2009:138", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" + }, + { + "name": "FEDORA-2009-11356", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" + }, + { + "name": "DSA-2207", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2207" + }, + { + "name": "HPSBUX02860", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "http://svn.apache.org/viewvc?rev=781542&view=rev", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?rev=781542&view=rev" + }, + { + "name": "oval:org.mitre.oval:def:18913", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913" + }, + { + "name": "ADV-2010-3056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3056" + }, + { + "name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "35788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35788" + }, + { + "name": "SSRT100029", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2" + }, + { + "name": "http://svn.apache.org/viewvc?rev=781708&view=rev", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?rev=781708&view=rev" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://svn.apache.org/viewvc?rev=739522&view=rev", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?rev=739522&view=rev" + }, + { + "name": "ADV-2009-1856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1856" + }, + { + "name": "MDVSA-2010:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "http://svn.apache.org/viewvc?rev=681156&view=rev", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?rev=681156&view=rev" + }, + { + "name": "42368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42368" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933" + }, + { + "name": "FEDORA-2009-11374", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" + }, + { + "name": "oval:org.mitre.oval:def:6450", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "1022336", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022336" + }, + { + "name": "tomcat-xml-information-disclosure(51195)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195" + }, + { + "name": "FEDORA-2009-11352", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "HPSBUX02579", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2" + }, + { + "name": "SSRT101146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "MDVSA-2009:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" + }, + { + "name": "263529", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" + }, + { + "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936" + }, + { + "name": "SSRT100203", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2" + }, + { + "name": "35416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35416" + }, + { + "name": "oval:org.mitre.oval:def:10716", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1586.json b/2009/1xxx/CVE-2009-1586.json index f6f310d0f06..99ec5b8b201 100644 --- a/2009/1xxx/CVE-2009-1586.json +++ b/2009/1xxx/CVE-2009-1586.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090503 Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503184/100/0/threaded" - }, - { - "name" : "8612", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8612" - }, - { - "name" : "http://blog.teusink.net/2009/05/grabit-172-beta-3-nzb-file-parsing.html", - "refsource" : "MISC", - "url" : "http://blog.teusink.net/2009/05/grabit-172-beta-3-nzb-file-parsing.html" - }, - { - "name" : "http://www.shemes.com/index.php?p=whatsnew", - "refsource" : "CONFIRM", - "url" : "http://www.shemes.com/index.php?p=whatsnew" - }, - { - "name" : "34807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34807" - }, - { - "name" : "54205", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54205" - }, - { - "name" : "1022161", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022161" - }, - { - "name" : "34893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34893" - }, - { - "name" : "ADV-2009-1243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1243" - }, - { - "name" : "grabit-nzb-bo(50310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.shemes.com/index.php?p=whatsnew", + "refsource": "CONFIRM", + "url": "http://www.shemes.com/index.php?p=whatsnew" + }, + { + "name": "grabit-nzb-bo(50310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50310" + }, + { + "name": "http://blog.teusink.net/2009/05/grabit-172-beta-3-nzb-file-parsing.html", + "refsource": "MISC", + "url": "http://blog.teusink.net/2009/05/grabit-172-beta-3-nzb-file-parsing.html" + }, + { + "name": "20090503 Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503184/100/0/threaded" + }, + { + "name": "1022161", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022161" + }, + { + "name": "8612", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8612" + }, + { + "name": "34807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34807" + }, + { + "name": "34893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34893" + }, + { + "name": "54205", + "refsource": "OSVDB", + "url": "http://osvdb.org/54205" + }, + { + "name": "ADV-2009-1243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1243" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1689.json b/2009/1xxx/CVE-2009-1689.json index 5c6fca29b76..04599baa885 100644 --- a/2009/1xxx/CVE-2009-1689.json +++ b/2009/1xxx/CVE-2009-1689.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "35260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35260" - }, - { - "name" : "35332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35332" - }, - { - "name" : "54988", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54988" - }, - { - "name" : "1022344", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022344" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022344", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022344" + }, + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "35260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35260" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "54988", + "refsource": "OSVDB", + "url": "http://osvdb.org/54988" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + }, + { + "name": "35332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35332" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5130.json b/2009/5xxx/CVE-2009-5130.json index 5abe6644ee1..6736179f587 100644 --- a/2009/5xxx/CVE-2009-5130.json +++ b/2009/5xxx/CVE-2009-5130.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0594.json b/2012/0xxx/CVE-2012-0594.json index 39091cd0bf7..a91014645ea 100644 --- a/2012/0xxx/CVE-2012-0594.json +++ b/2012/0xxx/CVE-2012-0594.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79916", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79916" - }, - { - "name" : "oval:org.mitre.oval:def:16941", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16941" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20120594-code-execution(73813)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16941", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16941" + }, + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "apple-webkit-cve20120594-code-execution(73813)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73813" + }, + { + "name": "79916", + "refsource": "OSVDB", + "url": "http://osvdb.org/79916" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0612.json b/2012/0xxx/CVE-2012-0612.json index e4bce40545a..7e7e5a96e7d 100644 --- a/2012/0xxx/CVE-2012-0612.json +++ b/2012/0xxx/CVE-2012-0612.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79934", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79934" - }, - { - "name" : "oval:org.mitre.oval:def:17156", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17156" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20120612-code-execution(73831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apple-webkit-cve20120612-code-execution(73831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73831" + }, + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "79934", + "refsource": "OSVDB", + "url": "http://osvdb.org/79934" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "oval:org.mitre.oval:def:17156", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17156" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2251.json b/2012/2xxx/CVE-2012-2251.json index 67002ca6df8..c83b3cace0a 100644 --- a/2012/2xxx/CVE-2012-2251.json +++ b/2012/2xxx/CVE-2012-2251.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2012-2251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121127 Re: rssh security announcement", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html" - }, - { - "name" : "[oss-security] 20121128 rssh: incorrect filtering of command line options", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/27/15" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=877279", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=877279" - }, - { - "name" : "DSA-2578", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2578" - }, - { - "name" : "56708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56708" - }, - { - "name" : "51307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51307" - }, - { - "name" : "rssh-eoption-command-execution(80334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51307" + }, + { + "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15" + }, + { + "name": "DSA-2578", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2578" + }, + { + "name": "56708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56708" + }, + { + "name": "rssh-eoption-command-execution(80334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=877279", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279" + }, + { + "name": "20121127 Re: rssh security announcement", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2518.json b/2012/2xxx/CVE-2012-2518.json index c7e20a444d9..e84fb8165de 100644 --- a/2012/2xxx/CVE-2012-2518.json +++ b/2012/2xxx/CVE-2012-2518.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2518", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2518", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3340.json b/2012/3xxx/CVE-2012-3340.json index 159dcdcfe46..379e556cb19 100644 --- a/2012/3xxx/CVE-2012-3340.json +++ b/2012/3xxx/CVE-2012-3340.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3577.json b/2012/3xxx/CVE-2012-3577.json index 7d70ce492e4..6d2e57ae218 100644 --- a/2012/3xxx/CVE-2012-3577.json +++ b/2012/3xxx/CVE-2012-3577.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html" - }, - { - "name" : "http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/", - "refsource" : "MISC", - "url" : "http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/" - }, - { - "name" : "http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html" - }, - { - "name" : "53790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53790" - }, - { - "name" : "49375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49375" - }, - { - "name" : "wp-nmedia-doupload-file-upload(76076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/", + "refsource": "MISC", + "url": "http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/" + }, + { + "name": "http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html" + }, + { + "name": "53790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53790" + }, + { + "name": "http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html", + "refsource": "MISC", + "url": "http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html" + }, + { + "name": "49375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49375" + }, + { + "name": "wp-nmedia-doupload-file-upload(76076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76076" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3584.json b/2012/3xxx/CVE-2012-3584.json index d3c3184858b..0674088b7df 100644 --- a/2012/3xxx/CVE-2012-3584.json +++ b/2012/3xxx/CVE-2012-3584.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3584", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3584", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3805.json b/2012/3xxx/CVE-2012-3805.json index e64d063de88..ac063f6f32a 100644 --- a/2012/3xxx/CVE-2012-3805.json +++ b/2012/3xxx/CVE-2012-3805.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120711 Multiple Cross-Site Scripting (XSS) in Kajona", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23097", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23097" - }, - { - "name" : "http://www.kajona.de/changelog_34x.de.html", - "refsource" : "CONFIRM", - "url" : "http://www.kajona.de/changelog_34x.de.html" - }, - { - "name" : "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html", - "refsource" : "CONFIRM", - "url" : "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html" - }, - { - "name" : "49849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49849" + }, + { + "name": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html", + "refsource": "CONFIRM", + "url": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html" + }, + { + "name": "http://www.kajona.de/changelog_34x.de.html", + "refsource": "CONFIRM", + "url": "http://www.kajona.de/changelog_34x.de.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23097", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23097" + }, + { + "name": "20120711 Multiple Cross-Site Scripting (XSS) in Kajona", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4524.json b/2012/4xxx/CVE-2012-4524.json index 585153e4daf..14bb82cb745 100644 --- a/2012/4xxx/CVE-2012-4524.json +++ b/2012/4xxx/CVE-2012-4524.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4524", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4524", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4606.json b/2012/4xxx/CVE-2012-4606.json index 34e5b493e60..7baa5f49640 100644 --- a/2012/4xxx/CVE-2012-4606.json +++ b/2012/4xxx/CVE-2012-4606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4609.json b/2012/4xxx/CVE-2012-4609.json index 764bbb210e2..af95a214fc1 100644 --- a/2012/4xxx/CVE-2012-4609.json +++ b/2012/4xxx/CVE-2012-4609.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-4609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121130 ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20121130 ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0002.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4754.json b/2012/4xxx/CVE-2012-4754.json index bb97a1e9878..9f4c1fd434d 100644 --- a/2012/4xxx/CVE-2012-4754.json +++ b/2012/4xxx/CVE-2012-4754.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privileges via a Trojan horse (1) ssgp.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mmap file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php" - }, - { - "name" : "47797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privileges via a Trojan horse (1) ssgp.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mmap file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php" + }, + { + "name": "47797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47797" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4907.json b/2012/4xxx/CVE-2012-4907.json index cad43cece7b..d7e62da17c6 100644 --- a/2012/4xxx/CVE-2012-4907.json +++ b/2012/4xxx/CVE-2012-4907.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=137532", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=137532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=137532", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=137532" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2029.json b/2017/2xxx/CVE-2017-2029.json index 7acf17f876d..a69449dfa10 100644 --- a/2017/2xxx/CVE-2017-2029.json +++ b/2017/2xxx/CVE-2017-2029.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2029", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2029", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2745.json b/2017/2xxx/CVE-2017-2745.json index 2f581ec1793..30e35e45634 100644 --- a/2017/2xxx/CVE-2017-2745.json +++ b/2017/2xxx/CVE-2017-2745.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "hp-security-alert@hp.com", - "DATE_PUBLIC" : "2017-01-17T00:00:00", - "ID" : "CVE-2017-2745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HP JetAdvantage Security Manager", - "version" : { - "version_data" : [ - { - "version_value" : "before 3.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "HP Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "DATE_PUBLIC": "2017-01-17T00:00:00", + "ID": "CVE-2017-2745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HP JetAdvantage Security Manager", + "version": { + "version_data": [ + { + "version_value": "before 3.0.1" + } + ] + } + } + ] + }, + "vendor_name": "HP Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI03562", - "refsource" : "HP", - "url" : "https://support.hp.com/us-en/document/c05639510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI03562", + "refsource": "HP", + "url": "https://support.hp.com/us-en/document/c05639510" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2788.json b/2017/2xxx/CVE-2017-2788.json index f0c11e928a8..15330e6aed5 100644 --- a/2017/2xxx/CVE-2017-2788.json +++ b/2017/2xxx/CVE-2017-2788.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PopUp Printer Client", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Pharos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PopUp Printer Client", + "version": { + "version_data": [ + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "Pharos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2017-0283/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2017-0283/" - }, - { - "name" : "96742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2017-0283/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2017-0283/" + }, + { + "name": "96742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96742" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6167.json b/2017/6xxx/CVE-2017-6167.json index bfec2aa3fed..0d22a31c984 100644 --- a/2017/6xxx/CVE-2017-6167.json +++ b/2017/6xxx/CVE-2017-6167.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-12-20T00:00:00", - "ID" : "CVE-2017-6167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.1.0 - 12.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-12-20T00:00:00", + "ID": "CVE-2017-6167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.1.0 - 12.1.2" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K24465120", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K24465120" - }, - { - "name" : "1040053", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K24465120", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K24465120" + }, + { + "name": "1040053", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040053" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6661.json b/2017/6xxx/CVE-2017-6661.json index 66e63baf38b..58d62e4be89 100644 --- a/2017/6xxx/CVE-2017-6661.json +++ b/2017/6xxx/CVE-2017-6661.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Email Security and Content Security Management Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Email Security and Content Security Management Appliance" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Email Security and Content Security Management Appliance", + "version": { + "version_data": [ + { + "version_value": "Cisco Email Security and Content Security Management Appliance" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa" - }, - { - "name" : "98950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98950" - }, - { - "name" : "1038637", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038637" - }, - { - "name" : "1038638", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038638", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038638" + }, + { + "name": "98950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98950" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa" + }, + { + "name": "1038637", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038637" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6759.json b/2017/6xxx/CVE-2017-6759.json index d0a4ead19e9..4ddd64618f7 100644 --- a/2017/6xxx/CVE-2017-6759.json +++ b/2017/6xxx/CVE-2017-6759.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning Tool", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Provisioning Tool" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning Tool", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Provisioning Tool" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304", - "refsource" : "CONFIRM", - "url" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304" - }, - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt" - }, - { - "name" : "1039062", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt" + }, + { + "name": "1039062", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039062" + }, + { + "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304", + "refsource": "CONFIRM", + "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11103.json b/2018/11xxx/CVE-2018-11103.json index bfe617d8446..4b58d6036b7 100644 --- a/2018/11xxx/CVE-2018-11103.json +++ b/2018/11xxx/CVE-2018-11103.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11103", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11103", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11979.json b/2018/11xxx/CVE-2018-11979.json index 58edb2e1dec..a5e592fa0fc 100644 --- a/2018/11xxx/CVE-2018-11979.json +++ b/2018/11xxx/CVE-2018-11979.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11979", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11979", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14153.json b/2018/14xxx/CVE-2018-14153.json index 7ce47044fe4..24dea401691 100644 --- a/2018/14xxx/CVE-2018-14153.json +++ b/2018/14xxx/CVE-2018-14153.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14153", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14153", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14553.json b/2018/14xxx/CVE-2018-14553.json index e1315de5cc4..2b89d3f2435 100644 --- a/2018/14xxx/CVE-2018-14553.json +++ b/2018/14xxx/CVE-2018-14553.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14553", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14553", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14599.json b/2018/14xxx/CVE-2018-14599.json index 9de74553aa0..0d46723af9f 100644 --- a/2018/14xxx/CVE-2018-14599.json +++ b/2018/14xxx/CVE-2018-14599.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180821 X.Org security advisory: August 21, 2018", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/08/21/6" - }, - { - "name" : "[xorg-announce] 20180821 libX11 1.6.6", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2018-August/002916.html" - }, - { - "name" : "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1102062", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1102062" - }, - { - "name" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0" - }, - { - "name" : "GLSA-201811-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-01" - }, - { - "name" : "USN-3758-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3758-2/" - }, - { - "name" : "USN-3758-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3758-1/" - }, - { - "name" : "105177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105177" - }, - { - "name" : "1041543", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3758-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3758-2/" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102062", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102062" + }, + { + "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0" + }, + { + "name": "GLSA-201811-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-01" + }, + { + "name": "105177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105177" + }, + { + "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6" + }, + { + "name": "1041543", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041543" + }, + { + "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html" + }, + { + "name": "[xorg-announce] 20180821 libX11 1.6.6", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html" + }, + { + "name": "USN-3758-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3758-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14875.json b/2018/14xxx/CVE-2018-14875.json index 73a911a552d..407dad619da 100644 --- a/2018/14xxx/CVE-2018-14875.json +++ b/2018/14xxx/CVE-2018-14875.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14875", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14875", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15082.json b/2018/15xxx/CVE-2018-15082.json index ddaf65c7fb7..9dcc8926209 100644 --- a/2018/15xxx/CVE-2018-15082.json +++ b/2018/15xxx/CVE-2018-15082.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15082", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15082", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15543.json b/2018/15xxx/CVE-2018-15543.json index e1e5dca0f6d..ca48b294371 100644 --- a/2018/15xxx/CVE-2018-15543.json +++ b/2018/15xxx/CVE-2018-15543.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/tanprathan/d286c0d5b02e344606287774304a1ccd", - "refsource" : "MISC", - "url" : "https://gist.github.com/tanprathan/d286c0d5b02e344606287774304a1ccd" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/tanprathan/d286c0d5b02e344606287774304a1ccd", + "refsource": "MISC", + "url": "https://gist.github.com/tanprathan/d286c0d5b02e344606287774304a1ccd" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15569.json b/2018/15xxx/CVE-2018-15569.json index 3027f670d89..0f8f38d9b20 100644 --- a/2018/15xxx/CVE-2018-15569.json +++ b/2018/15xxx/CVE-2018-15569.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "my little forum 2.4.12 allows CSRF for deletion of users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owendarlene.com/csrf-my-little-forum/", - "refsource" : "MISC", - "url" : "http://owendarlene.com/csrf-my-little-forum/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "my little forum 2.4.12 allows CSRF for deletion of users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owendarlene.com/csrf-my-little-forum/", + "refsource": "MISC", + "url": "http://owendarlene.com/csrf-my-little-forum/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20201.json b/2018/20xxx/CVE-2018-20201.json index 25f5ce7352d..0dc51ff03c8 100644 --- a/2018/20xxx/CVE-2018-20201.json +++ b/2018/20xxx/CVE-2018-20201.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/espruino/Espruino/issues/1587", - "refsource" : "MISC", - "url" : "https://github.com/espruino/Espruino/issues/1587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/espruino/Espruino/issues/1587", + "refsource": "MISC", + "url": "https://github.com/espruino/Espruino/issues/1587" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20650.json b/2018/20xxx/CVE-2018-20650.json index 99092398ba4..4e43a185db2 100644 --- a/2018/20xxx/CVE-2018-20650.json +++ b/2018/20xxx/CVE-2018-20650.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7" - }, - { - "name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/704", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/704" - }, - { - "name" : "USN-3865-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3865-1/" - }, - { - "name" : "106459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.freedesktop.org/poppler/poppler/issues/704", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/704" + }, + { + "name": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7" + }, + { + "name": "106459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106459" + }, + { + "name": "USN-3865-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3865-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9121.json b/2018/9xxx/CVE-2018-9121.json index 36f3a9933a9..02ecbf1cc99 100644 --- a/2018/9xxx/CVE-2018-9121.json +++ b/2018/9xxx/CVE-2018-9121.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.seekurity.com/blog/general/multiple-cross-site-scripting-vulnerabilities-in-crea8social-social-network-script/", - "refsource" : "MISC", - "url" : "https://www.seekurity.com/blog/general/multiple-cross-site-scripting-vulnerabilities-in-crea8social-social-network-script/" - }, - { - "name" : "https://www.youtube.com/watch?v=bCf0hO9upto", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=bCf0hO9upto" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=bCf0hO9upto", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=bCf0hO9upto" + }, + { + "name": "https://www.seekurity.com/blog/general/multiple-cross-site-scripting-vulnerabilities-in-crea8social-social-network-script/", + "refsource": "MISC", + "url": "https://www.seekurity.com/blog/general/multiple-cross-site-scripting-vulnerabilities-in-crea8social-social-network-script/" + } + ] + } +} \ No newline at end of file