From 5f283f636f2e0006f385d09453ab8bcb70b6cd14 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:11:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0118.json | 140 ++++++++--------
2002/0xxx/CVE-2002-0214.json | 140 ++++++++--------
2002/0xxx/CVE-2002-0550.json | 140 ++++++++--------
2002/0xxx/CVE-2002-0848.json | 140 ++++++++--------
2002/1xxx/CVE-2002-1096.json | 140 ++++++++--------
2002/1xxx/CVE-2002-1160.json | 200 +++++++++++------------
2002/2xxx/CVE-2002-2389.json | 160 +++++++++---------
2003/0xxx/CVE-2003-0148.json | 130 +++++++--------
2003/0xxx/CVE-2003-0698.json | 34 ++--
2003/0xxx/CVE-2003-0990.json | 160 +++++++++---------
2005/1xxx/CVE-2005-1432.json | 34 ++--
2009/1xxx/CVE-2009-1034.json | 160 +++++++++---------
2009/1xxx/CVE-2009-1301.json | 200 +++++++++++------------
2009/1xxx/CVE-2009-1500.json | 140 ++++++++--------
2009/1xxx/CVE-2009-1623.json | 130 +++++++--------
2009/5xxx/CVE-2009-5128.json | 120 +++++++-------
2012/0xxx/CVE-2012-0448.json | 170 +++++++++----------
2012/0xxx/CVE-2012-0511.json | 140 ++++++++--------
2012/0xxx/CVE-2012-0994.json | 190 ++++++++++-----------
2012/3xxx/CVE-2012-3027.json | 34 ++--
2012/3xxx/CVE-2012-3356.json | 260 ++++++++++++++---------------
2012/3xxx/CVE-2012-3438.json | 180 ++++++++++----------
2012/4xxx/CVE-2012-4312.json | 34 ++--
2012/4xxx/CVE-2012-4610.json | 140 ++++++++--------
2012/4xxx/CVE-2012-4660.json | 140 ++++++++--------
2012/4xxx/CVE-2012-4741.json | 140 ++++++++--------
2012/4xxx/CVE-2012-4865.json | 140 ++++++++--------
2017/2xxx/CVE-2017-2043.json | 34 ++--
2017/2xxx/CVE-2017-2269.json | 130 +++++++--------
2017/2xxx/CVE-2017-2477.json | 130 +++++++--------
2017/2xxx/CVE-2017-2561.json | 34 ++--
2017/2xxx/CVE-2017-2970.json | 130 +++++++--------
2017/6xxx/CVE-2017-6018.json | 120 +++++++-------
2017/6xxx/CVE-2017-6050.json | 140 ++++++++--------
2017/6xxx/CVE-2017-6097.json | 140 ++++++++--------
2017/6xxx/CVE-2017-6164.json | 150 ++++++++---------
2017/7xxx/CVE-2017-7434.json | 194 +++++++++++-----------
2017/7xxx/CVE-2017-7507.json | 150 ++++++++---------
2018/10xxx/CVE-2018-10683.json | 120 +++++++-------
2018/10xxx/CVE-2018-10902.json | 290 ++++++++++++++++-----------------
2018/14xxx/CVE-2018-14327.json | 160 +++++++++---------
2018/14xxx/CVE-2018-14458.json | 120 +++++++-------
2018/15xxx/CVE-2018-15149.json | 150 ++++++++---------
2018/15xxx/CVE-2018-15773.json | 144 ++++++++--------
2018/15xxx/CVE-2018-15804.json | 120 +++++++-------
2018/20xxx/CVE-2018-20267.json | 34 ++--
2018/20xxx/CVE-2018-20341.json | 34 ++--
2018/20xxx/CVE-2018-20564.json | 120 +++++++-------
2018/9xxx/CVE-2018-9089.json | 34 ++--
2018/9xxx/CVE-2018-9161.json | 130 +++++++--------
2018/9xxx/CVE-2018-9485.json | 34 ++--
51 files changed, 3289 insertions(+), 3289 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0118.json b/2002/0xxx/CVE-2002-0118.json
index 457e501fb9b..8011996e6dc 100644
--- a/2002/0xxx/CVE-2002-0118.json
+++ b/2002/0xxx/CVE-2002-0118.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/249031" - }, - { - "name" : "3829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3829" - }, - { - "name" : "ultimatebb-encoded-css(7838)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7838.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote 
attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/249031" + }, + { + "name": "ultimatebb-encoded-css(7838)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7838.php" + }, + { + "name": "3829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3829" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0214.json b/2002/0xxx/CVE-2002-0214.json index 601ed6dbb60..5e57f75ce29 100644 --- a/2002/0xxx/CVE-2002-0214.json +++ b/2002/0xxx/CVE-2002-0214.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020128 Intel WLAN Driver storing 128bit WEP-Key in plain text!", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/252607" - }, - { - "name" : "3968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3968" - }, - { - "name" : "intel-wlan-wep-plaintext(8015)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8015.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 
1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3968" + }, + { + "name": "20020128 Intel WLAN Driver storing 128bit WEP-Key in plain text!", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/252607" + }, + { + "name": "intel-wlan-wep-plaintext(8015)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8015.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0550.json b/2002/0xxx/CVE-2002-0550.json index dd55f70fc48..25bfe7c0bae 100644 --- a/2002/0xxx/CVE-2002-0550.json +++ b/2002/0xxx/CVE-2002-0550.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html" - }, - { - "name" : "dynamic-guestbook-command-execution(8762)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8762.php" - }, - { - "name" : "4423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dynamic-guestbook-command-execution(8762)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8762.php" + }, + { + "name": "20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html" + }, + { + "name": "4423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4423" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0848.json b/2002/0xxx/CVE-2002-0848.json index 8e337c5e29e..b1844765fb3 100644 --- a/2002/0xxx/CVE-2002-0848.json +++ b/2002/0xxx/CVE-2002-0848.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml" - }, - { - "name" : "cisco-vpn5000-plaintext-password(9781)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9781.php" - }, - { - "name" : "5417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml" + }, + { + "name": "cisco-vpn5000-plaintext-password(9781)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9781.php" + }, + { + "name": "5417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5417" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1096.json b/2002/1xxx/CVE-2002-1096.json index c593b9691d9..c5fd0013eb3 100644 --- a/2002/1xxx/CVE-2002-1096.json +++ b/2002/1xxx/CVE-2002-1096.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" - }, - { - "name" : "5611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5611" - }, - { - "name" : "cisco-vpn-user-passwords(10019)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10019.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" + }, + { + "name": "5611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5611" + }, + { + "name": "cisco-vpn-user-passwords(10019)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10019.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1160.json b/2002/1xxx/CVE-2002-1160.json index 88e1b88484c..f8b07bf587f 100644 --- a/2002/1xxx/CVE-2002-1160.json +++ b/2002/1xxx/CVE-2002-1160.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104431622818954&w=2" - }, - { - "name" : "CLA-2003:693", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693" - }, - { - "name" : "MDKSA-2003:017", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017" - }, - { - "name" : "RHSA-2003:028", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-028.html" - }, - { - "name" : "RHSA-2003:035", - 
"refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-035.html" - }, - { - "name" : "55760", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760" - }, - { - "name" : "VU#911505", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/911505" - }, - { - "name" : "6753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6753" - }, - { - "name" : "linux-pamxauth-gain-privileges(11254)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11254.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#911505", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/911505" + }, + { + "name": "55760", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760" + }, + { + "name": "CLA-2003:693", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693" + }, + { + "name": "20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104431622818954&w=2" + }, + { + "name": "linux-pamxauth-gain-privileges(11254)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11254.php" + }, + { + "name": "RHSA-2003:035", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-035.html" + }, + { + "name": "RHSA-2003:028", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-028.html" + }, + { + "name": "6753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6753" + }, + { + "name": "MDKSA-2003:017", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2389.json b/2002/2xxx/CVE-2002-2389.json index 5c06a69da3c..7edf73b4950 100644 --- a/2002/2xxx/CVE-2002-2389.json +++ b/2002/2xxx/CVE-2002-2389.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021014 TheServer log file access password in cleartext w/vendor resolution.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/295325" - }, - { - "name" : "20020717 TheServer cleartext password sillyness.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000138.html" - }, - { - "name" : "5250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5250" - }, - { - "name" : "1004799", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1004799" - }, - { - "name" : "fastlink-theserver-plaintext-passwords(9624)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9624.php" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fastlink-theserver-plaintext-passwords(9624)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9624.php" + }, + { + "name": "1004799", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1004799" + }, + { + "name": "20020717 TheServer cleartext password sillyness.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000138.html" + }, + { + "name": "20021014 TheServer log file access password in cleartext w/vendor resolution.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/295325" + }, + { + "name": "5250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5250" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0148.json b/2003/0xxx/CVE-2003-0148.json index b69a6aba674..78da4960145 100644 --- a/2003/0xxx/CVE-2003-0148.json +++ b/2003/0xxx/CVE-2003-0148.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A073103-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a073103-1.txt" - }, - { - "name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", - "refsource" : "CONFIRM", - "url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default installation of MSDE via McAfee ePolicy 
Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A073103-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a073103-1.txt" + }, + { + "name": "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", + "refsource": "CONFIRM", + "url": "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0698.json b/2003/0xxx/CVE-2003-0698.json index 37694b43465..979355f8de7 100644 --- a/2003/0xxx/CVE-2003-0698.json +++ b/2003/0xxx/CVE-2003-0698.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0698", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0743. Reason: This candidate is a duplicate of CVE-2003-0743. Notes: All CVE users should reference CVE-2003-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-0698", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0743. Reason: This candidate is a duplicate of CVE-2003-0743. Notes: All CVE users should reference CVE-2003-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0990.json b/2003/0xxx/CVE-2003-0990.json index 3004270ddb4..ccf3b1bf2a0 100644 --- a/2003/0xxx/CVE-2003-0990.json +++ b/2003/0xxx/CVE-2003-0990.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the \"To:\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031224 Bugtraq Security Systems ADV-0001", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107247236124180&w=2" - }, - { - "name" : "http://www.bugtraq.org/advisories/_BSSADV-0001.txt", - "refsource" : "MISC", - "url" : "http://www.bugtraq.org/advisories/_BSSADV-0001.txt" - }, - { - "name" : "20031226 Re: Reported Command Injection in Squirrelmail GPG", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/348366" - }, - { - "name" : "squirrelmail-parseaddress-command-execution(14079)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14079" - }, - { - "name" : "9296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9296" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the \"To:\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "squirrelmail-parseaddress-command-execution(14079)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14079" + }, + { + "name": "http://www.bugtraq.org/advisories/_BSSADV-0001.txt", + "refsource": "MISC", + "url": "http://www.bugtraq.org/advisories/_BSSADV-0001.txt" + }, + { + "name": "20031224 Bugtraq Security Systems ADV-0001", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107247236124180&w=2" + }, + { + "name": "9296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9296" + }, + { + "name": "20031226 Re: Reported Command Injection in Squirrelmail GPG", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/348366" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1432.json b/2005/1xxx/CVE-2005-1432.json index 34348124243..c4111d5baae 100644 --- a/2005/1xxx/CVE-2005-1432.json +++ b/2005/1xxx/CVE-2005-1432.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1432", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1432", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1034.json b/2009/1xxx/CVE-2009-1034.json index 75565591bf5..7d4569ed01d 100644 --- a/2009/1xxx/CVE-2009-1034.json +++ b/2009/1xxx/CVE-2009-1034.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/406316", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/406316" - }, - { - "name" : "34171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34171" - }, - { - "name" : "52781", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/52781" - }, - { - "name" : "34376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34376" - }, - { - "name" : "tasklist-unspecifed-sql-injection(49320)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tasklist-unspecifed-sql-injection(49320)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49320" + }, + { + "name": "34171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34171" + }, + { + "name": "52781", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/52781" + }, + { + "name": "http://drupal.org/node/406316", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/406316" + }, + { + "name": "34376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34376" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1301.json b/2009/1xxx/CVE-2009-1301.json index 90310326ebd..5b222022919 100644 --- a/2009/1xxx/CVE-2009-1301.json +++ b/2009/1xxx/CVE-2009-1301.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mpg123-devel] 20090405 mpg123 1.7.2 is out -- important security fix!", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=265342", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=265342" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=673696", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=673696" - }, - { - "name" : "GLSA-200904-15", - 
"refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml" - }, - { - "name" : "MDVSA-2009:093", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:093" - }, - { - "name" : "34381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34381" - }, - { - "name" : "34587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34587" - }, - { - "name" : "34748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34748" - }, - { - "name" : "ADV-2009-0936", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=265342", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=265342" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=673696", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=673696" + }, + { + "name": "MDVSA-2009:093", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:093" + }, + { + "name": "34748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34748" + }, + { + "name": "34587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34587" + }, + { + "name": "34381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34381" + }, + { + "name": "ADV-2009-0936", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0936" + }, + { + "name": "GLSA-200904-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml" + }, + { + "name": "[mpg123-devel] 20090405 mpg123 1.7.2 is out -- important security fix!", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1500.json b/2009/1xxx/CVE-2009-1500.json index 18cabd372bf..c6a38d0cf34 100644 --- a/2009/1xxx/CVE-2009-1500.json +++ b/2009/1xxx/CVE-2009-1500.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090429 SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final-->", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503079/100/0/threaded" - }, - { - "name" : "8565", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8565" - }, - { - "name" : "34767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090429 SQL INJECTION (SQLi) VULNERABILITY--ProjectCMS v1.0 Beta Final-->", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503079/100/0/threaded" + }, + { + "name": "8565", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8565" + }, + { + "name": "34767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34767" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1623.json b/2009/1xxx/CVE-2009-1623.json index 110371fd4e0..9565b2f166f 100644 --- a/2009/1xxx/CVE-2009-1623.json +++ b/2009/1xxx/CVE-2009-1623.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8545", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8545" - }, - { - "name" : "34732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34732" + }, + { + "name": "8545", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8545" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5128.json b/2009/5xxx/CVE-2009-5128.json index 8b19536a657..4ac5e71f131 100644 --- a/2009/5xxx/CVE-2009-5128.json +++ b/2009/5xxx/CVE-2009-5128.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (memory consumption and process crash) via a large file that is not properly handled during buffering." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.websense.com/pf/12/webfiles/V10000%20Documentation/V10000%20Patches/v1.0.1/V10000_v1.0.1_ReleaseNotes.pdf", - "refsource" : "CONFIRM", - "url" : "http://kb.websense.com/pf/12/webfiles/V10000%20Documentation/V10000%20Patches/v1.0.1/V10000_v1.0.1_ReleaseNotes.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (memory consumption and process crash) via a large file that is not properly handled during buffering." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.websense.com/pf/12/webfiles/V10000%20Documentation/V10000%20Patches/v1.0.1/V10000_v1.0.1_ReleaseNotes.pdf", + "refsource": "CONFIRM", + "url": "http://kb.websense.com/pf/12/webfiles/V10000%20Documentation/V10000%20Patches/v1.0.1/V10000_v1.0.1_ReleaseNotes.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0448.json b/2012/0xxx/CVE-2012-0448.json index f8dbcff575b..c02ef99b12f 100644 --- a/2012/0xxx/CVE-2012-0448.json +++ b/2012/0xxx/CVE-2012-0448.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.4.13/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.4.13/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714472", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714472" - }, - { - "name" : "51784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51784" - }, - { - "name" : "1026623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026623" - }, - { - "name" : "47814", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/47814" - }, - { - "name" : "bugzilla-unspecified-spoofing(72877)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bugzilla.org/security/3.4.13/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.4.13/" + }, + { + "name": "47814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47814" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=714472", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=714472" + }, + { + "name": "1026623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026623" + }, + { + "name": "51784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51784" + }, + { + "name": "bugzilla-unspecified-spoofing(72877)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72877" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0511.json b/2012/0xxx/CVE-2012-0511.json index 78ff39649e6..1231edad462 100644 --- a/2012/0xxx/CVE-2012-0511.json +++ b/2012/0xxx/CVE-2012-0511.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the OCI component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the OCI component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows 
remote attackers to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026929" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0994.json b/2012/0xxx/CVE-2012-0994.json index a482c2aad48..82e47b07c0d 100644 --- a/2012/0xxx/CVE-2012-0994.json +++ b/2012/0xxx/CVE-2012-0994.json 
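Review bot: The `ASSIGNER` value in the CVE-2012-0511 record changes from `cve@mitre.org` to `secalert_us@oracle.com`, a content change inside a hunk that is otherwise only spacing and reference reordering, and the commit subject does not mention it. The same kind of change appears in the CVE-2012-3356 hunk (`"ASSIGNER": "secalert@redhat.com"`), whose end is outside this view. Anyone who attributes or filters records by `CVE_data_meta.ASSIGNER` will see ownership move with no stated rationale, so these should be confirmed against the assigning CNA's own record and landed apart from the formatting pass, or at least named in the message, e.g. `ASSIGNER updated for CVE-2012-0511, CVE-2012-3356`. Presumably this is an intended synchronisation, but nothing in the diff shows that.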
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120208 Multiple vulnerabilities in ZENphoto", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html" - }, - { - "name" : "https://www.htbridge.ch/advisory/HTB23070", - "refsource" : "MISC", - "url" : "https://www.htbridge.ch/advisory/HTB23070" - }, - { - "name" : "http://www.zenphoto.org/news/zenphoto-1.4.2.1", - "refsource" : "CONFIRM", - "url" : "http://www.zenphoto.org/news/zenphoto-1.4.2.1" - }, - { - "name" : "http://www.zenphoto.org/trac/changeset/8994", - "refsource" : "CONFIRM", - "url" : "http://www.zenphoto.org/trac/changeset/8994" - }, - { - "name" : "http://www.zenphoto.org/trac/changeset/8995", - "refsource" : "CONFIRM", - "url" : 
"http://www.zenphoto.org/trac/changeset/8995" - }, - { - "name" : "51916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51916" - }, - { - "name" : "47875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47875" - }, - { - "name" : "zenphoto-albumsort-sql-injection(73082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zenphoto.org/trac/changeset/8995", + "refsource": "CONFIRM", + "url": "http://www.zenphoto.org/trac/changeset/8995" + }, + { + "name": "http://www.zenphoto.org/trac/changeset/8994", + "refsource": "CONFIRM", + "url": "http://www.zenphoto.org/trac/changeset/8994" + }, + { + "name": "51916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51916" + }, + { + "name": "47875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47875" + }, + { + "name": "https://www.htbridge.ch/advisory/HTB23070", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/HTB23070" + }, + { + "name": "zenphoto-albumsort-sql-injection(73082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73082" + }, + { + "name": "20120208 Multiple vulnerabilities in ZENphoto", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html" + }, + { + "name": "http://www.zenphoto.org/news/zenphoto-1.4.2.1", + 
"refsource": "CONFIRM", + "url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3027.json b/2012/3xxx/CVE-2012-3027.json index 6a5f57a61d5..46d3eb690e9 100644 --- a/2012/3xxx/CVE-2012-3027.json +++ b/2012/3xxx/CVE-2012-3027.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3027", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-3027", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3356.json b/2012/3xxx/CVE-2012-3356.json index e8332aa753c..4fe11d9fede 100644 --- a/2012/3xxx/CVE-2012-3356.json +++ b/2012/3xxx/CVE-2012-3356.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120625 Re: CVE Request: viewvc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/25/8" - }, - { - "name" : "http://viewvc.tigris.org/issues/show_bug.cgi?id=353", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/issues/show_bug.cgi?id=353" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.15/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.15/CHANGES" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755", - "refsource" : "CONFIRM", - "url" : 
"http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175" - }, - { - "name" : "DSA-2563", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2563" - }, - { - "name" : "MDVSA-2013:134", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134" - }, - { - "name" : "openSUSE-SU-2012:0831", - "refsource" : "SUSE", - "url" : "https://lwn.net/Articles/505096/" - }, - { - "name" : "54197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54197" - }, - { - "name" : "83225", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83225" - }, - { - "name" : "viewvc-svnra-security-bypass(76614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The remote SVN views functionality 
(lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120625 Re: CVE Request: viewvc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/25/8" + }, + { + "name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760" + }, + { + "name": "54197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54197" + }, + { + "name": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.15/CHANGES", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.15/CHANGES" + }, + { + "name": "viewvc-svnra-security-bypass(76614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76614" + }, + { + "name": "83225", + "refsource": "OSVDB", + "url": "http://osvdb.org/83225" + }, + { + "name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755" + }, + { + "name": "openSUSE-SU-2012:0831", + "refsource": "SUSE", + "url": "https://lwn.net/Articles/505096/" + }, + { + "name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759" + }, + { + "name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757" + }, + { + "name": 
"https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175" + }, + { + "name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756" + }, + { + "name": "MDVSA-2013:134", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134" + }, + { + "name": "DSA-2563", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2563" + }, + { + "name": "http://viewvc.tigris.org/issues/show_bug.cgi?id=353", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=353" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3438.json b/2012/3xxx/CVE-2012-3438.json index db0f98eee41..bd2ef546cb3 100644 --- a/2012/3xxx/CVE-2012-3438.json +++ b/2012/3xxx/CVE-2012-3438.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=844105", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=844105" - }, - { - "name" : "http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2", - "refsource" : "CONFIRM", - "url" : "http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2" - }, - { - "name" : "MDVSA-2012:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:165" - }, - { - "name" : "openSUSE-SU-2013:0536", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2013-03/msg00102.html" - }, - { - "name" : "54716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54716" - }, - { - "name" : "50090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50090" - }, - { - "name" : "graphicsmagick-png-dos(77259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2012:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:165" + }, + { + "name": "http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2", + "refsource": "CONFIRM", + "url": "http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2" + }, + { + "name": "50090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50090" + }, + { + "name": "graphicsmagick-png-dos(77259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77259" + }, + { + "name": "openSUSE-SU-2013:0536", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00102.html" + }, + { + "name": "54716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54716" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=844105", + 
"refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844105" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4312.json b/2012/4xxx/CVE-2012-4312.json index c9af3ed1441..0c9d93eb9da 100644 --- a/2012/4xxx/CVE-2012-4312.json +++ b/2012/4xxx/CVE-2012-4312.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4312", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4312", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4610.json b/2012/4xxx/CVE-2012-4610.json index 8b4bc8af422..ca88a368c78 100644 --- a/2012/4xxx/CVE-2012-4610.json +++ b/2012/4xxx/CVE-2012-4610.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging \"network access\" to the proxy client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-4610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121026 EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/524532" - }, - { - "name" : "56317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56317" - }, - { - "name" : "avamar-proxy-client-info-disc(79661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which 
might allow remote attackers to obtain sensitive information by leveraging \"network access\" to the proxy client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "avamar-proxy-client-info-disc(79661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79661" + }, + { + "name": "56317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56317" + }, + { + "name": "20121026 EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/524532" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4660.json b/2012/4xxx/CVE-2012-4660.json index c708cc087e8..73760015bc3 100644 --- a/2012/4xxx/CVE-2012-4660.json +++ b/2012/4xxx/CVE-2012-4660.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6 before 8.6(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted SIP media-update packet, aka Bug ID CSCtr63728." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121010 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa" - }, - { - "name" : "55864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55864" - }, - { - "name" : "86144", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86144" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6 before 8.6(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted SIP media-update packet, aka Bug ID CSCtr63728." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20121010 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa" + }, + { + "name": "55864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55864" + }, + { + "name": "86144", + "refsource": "OSVDB", + "url": "http://osvdb.org/86144" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4741.json b/2012/4xxx/CVE-2012-4741.json index 5e9533b1a7b..9537de6db1d 100644 --- a/2012/4xxx/CVE-2012-4741.json +++ b/2012/4xxx/CVE-2012-4741.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Packetfence-announce] 20120413 PacketFence 3.3.0 released!", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=29126135" - }, - { - "name" : "http://www.packetfence.org/bugs/view.php?id=1390", - "refsource" : "CONFIRM", - "url" : "http://www.packetfence.org/bugs/view.php?id=1390" - }, - { - "name" : "packetfence-radius-spoofing(78868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RADIUS extension in 
PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Packetfence-announce] 20120413 PacketFence 3.3.0 released!", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29126135" + }, + { + "name": "packetfence-radius-spoofing(78868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78868" + }, + { + "name": "http://www.packetfence.org/bugs/view.php?id=1390", + "refsource": "CONFIRM", + "url": "http://www.packetfence.org/bugs/view.php?id=1390" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4865.json b/2012/4xxx/CVE-2012-4865.json index 3f80e9e3afe..9fbbd55366a 100644 --- a/2012/4xxx/CVE-2012-4865.json +++ b/2012/4xxx/CVE-2012-4865.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18636", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18636" - }, - { - "name" : "http://packetstormsecurity.org/files/111031", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111031" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5079.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5079.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/111031", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111031" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5079.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5079.php" + }, + { + "name": "18636", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18636" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2043.json b/2017/2xxx/CVE-2017-2043.json index d83e2412e69..33c2f90d4d1 100644 --- a/2017/2xxx/CVE-2017-2043.json +++ b/2017/2xxx/CVE-2017-2043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2043", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2043", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2269.json b/2017/2xxx/CVE-2017-2269.json index 1ff80e7e3d8..cc2e91fe2f0 100644 --- a/2017/2xxx/CVE-2017-2269.json +++ b/2017/2xxx/CVE-2017-2269.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FileCapsule Deluxe Portable", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.2.0.9 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Tomoki Fuke" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FileCapsule Deluxe Portable", + "version": { + "version_data": [ + { + "version_value": "Ver.2.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Tomoki Fuke" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://resumenext.blog.fc2.com/blog-entry-30.html", - "refsource" : "CONFIRM", - "url" : "http://resumenext.blog.fc2.com/blog-entry-30.html" - }, - { - "name" : "JVN#42031953", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN42031953/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified 
directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://resumenext.blog.fc2.com/blog-entry-30.html", + "refsource": "CONFIRM", + "url": "http://resumenext.blog.fc2.com/blog-entry-30.html" + }, + { + "name": "JVN#42031953", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN42031953/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2477.json b/2017/2xxx/CVE-2017-2477.json index 040069d58c8..4345c798df4 100644 --- a/2017/2xxx/CVE-2017-2477.json +++ b/2017/2xxx/CVE-2017-2477.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"libxslt\" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "97303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"libxslt\" component. 
It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97303" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2561.json b/2017/2xxx/CVE-2017-2561.json index 8e7cc3c5d7d..eda3166f0b6 100644 --- a/2017/2xxx/CVE-2017-2561.json +++ b/2017/2xxx/CVE-2017-2561.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2561", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2561", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2970.json b/2017/2xxx/CVE-2017-2970.json index 4e2fca2a45c..cd05757f285 100644 --- a/2017/2xxx/CVE-2017-2970.json +++ b/2017/2xxx/CVE-2017-2970.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95690" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6018.json b/2017/6xxx/CVE-2017-6018.json index f3fcce74716..54ea0152995 100644 --- a/2017/6xxx/CVE-2017-6018.json +++ b/2017/6xxx/CVE-2017-6018.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-6018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "B. Braun Medical SpaceCom", - "version" : { - "version_data" : [ - { - "version_value" : "B. Braun Medical SpaceCom" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-601" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-6018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "B. Braun Medical SpaceCom", + "version": { + "version_data": [ + { + "version_value": "B. 
Braun Medical SpaceCom" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6050.json b/2017/6xxx/CVE-2017-6050.json index d43fa5866e4..fa12119a289 100644 --- a/2017/6xxx/CVE-2017-6050.json +++ b/2017/6xxx/CVE-2017-6050.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-6050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Ecava IntegraXor", - "version" : { - "version_data" : [ - { - "version_value" : "Ecava IntegraXor" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-6050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ecava IntegraXor", + "version": { + "version_data": [ + { + "version_value": "Ecava IntegraXor" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2017-24", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-24" - }, - { - "name" : "99164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL Injection 
issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99164" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-24", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-24" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-171-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6097.json b/2017/6xxx/CVE-2017-6097.json index e9cbfd4e7c3..e4a0ccaa71d 100644 --- a/2017/6xxx/CVE-2017-6097.json +++ b/2017/6xxx/CVE-2017-6097.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41438", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41438/" - }, - { - "name" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", - "refsource" : "MISC", - "url" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8740", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. 
This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8740", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8740" + }, + { + "name": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", + "refsource": "MISC", + "url": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" + }, + { + "name": "41438", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41438/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6164.json b/2017/6xxx/CVE-2017-6164.json index 1dca7c58e78..69ef272326f 100644 --- a/2017/6xxx/CVE-2017-6164.json +++ b/2017/6xxx/CVE-2017-6164.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-12-20T00:00:00", - "ID" : "CVE-2017-6164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.0.0 - 12.1.2" - }, - { - "version_value" : "11.6.0 - 11.6.1" - }, - { - "version_value" : "11.5.0 - 11.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service and Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-12-20T00:00:00", + "ID": "CVE-2017-6164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.0.0 - 12.1.2" + }, + { + "version_value": "11.6.0 - 11.6.1" + }, + { + "version_value": "11.5.0 - 11.5.4" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K02714910", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K02714910" - }, - { - "name" : "1040054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service and Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040054" + }, + { + "name": "https://support.f5.com/csp/article/K02714910", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K02714910" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7434.json b/2017/7xxx/CVE-2017-7434.json index 4246803b1b6..5a58781f0c6 100644 --- a/2017/7xxx/CVE-2017-7434.json +++ b/2017/7xxx/CVE-2017-7434.json 
@@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.com", - "DATE_PUBLIC" : "2017-02-01T00:00:00.000Z", - "ID" : "CVE-2017-7434", - "STATE" : "PUBLIC", - "TITLE" : "NetIQ Identity Manager JDBC driver could leak passwords in exception traces " - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-02-01T00:00:00.000Z", + "ID": "CVE-2017-7434", + "STATE": "PUBLIC", + "TITLE": "NetIQ Identity Manager JDBC driver could leak passwords in exception traces " + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.6" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Identity Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.6" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" + "lang": "eng", + "value": "In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 3.3, - "baseSeverity" : "LOW", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "logging credentials" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-532" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1005907", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1005907" - }, - { - "name" : "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html" - } - ] - }, - "source" : { - "defect" : [ - "1005907" - ], - "discovery" : "INTERNAL" - } -} + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "logging credentials" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-532" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1005907", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.suse.com/show_bug.cgi?id=1005907" + }, + { + "name": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html" + } + ] + }, + "source": { + "defect": [ + "1005907" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7507.json b/2017/7xxx/CVE-2017-7507.json index 8e59f7da7a0..6914ba9aced 100644 --- a/2017/7xxx/CVE-2017-7507.json +++ b/2017/7xxx/CVE-2017-7507.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "gnutls", - "version" : { - "version_data" : [ - { - "version_value" : "3.5.12" - } - ] - } - } - ] - }, - "vendor_name" : "GnuTLS" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "NULL pointer dereference" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gnutls", + "version": { + "version_data": [ + { + "version_value": "3.5.12" + } + ] + } + } + ] + }, + "vendor_name": "GnuTLS" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4", - "refsource" : "CONFIRM", - "url" : "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4" - }, - { - "name" : "DSA-3884", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3884" - }, - { - "name" : "RHSA-2017:2292", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2292" - }, - { - "name" : "99102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GnuTLS 
version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL pointer dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99102" + }, + { + "name": "RHSA-2017:2292", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2292" + }, + { + "name": "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4", + "refsource": "CONFIRM", + "url": "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4" + }, + { + "name": "DSA-3884", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3884" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10683.json b/2018/10xxx/CVE-2018-10683.json index abb87f0bb7a..ab8c8f87ec5 100644 --- a/2018/10xxx/CVE-2018-10683.json +++ b/2018/10xxx/CVE-2018-10683.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that \"without a security realm reference\" implies \"effectively unsecured.\" The vendor explicitly supports these unsecured configurations because they have valid use cases during development." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kmkz/exploit/blob/master/CVE-2018-10682-CVE-2018-10683.txt", - "refsource" : "MISC", - "url" : "https://github.com/kmkz/exploit/blob/master/CVE-2018-10682-CVE-2018-10683.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. 
In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that \"without a security realm reference\" implies \"effectively unsecured.\" The vendor explicitly supports these unsecured configurations because they have valid use cases during development." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kmkz/exploit/blob/master/CVE-2018-10682-CVE-2018-10683.txt", + "refsource": "MISC", + "url": "https://github.com/kmkz/exploit/blob/master/CVE-2018-10682-CVE-2018-10683.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10902.json b/2018/10xxx/CVE-2018-10902.json index ce7d078683c..644ac9391b9 100644 --- a/2018/10xxx/CVE-2018-10902.json +++ b/2018/10xxx/CVE-2018-10902.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0", - "refsource" : "MISC", - "url" : 
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902" - }, - { - "name" : "DSA-4308", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4308" - }, - { - "name" : "RHSA-2018:3083", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3083" - }, - { - "name" : "RHSA-2018:3096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3096" - }, - { - "name" : "RHSA-2019:0415", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0415" - }, - { - "name" : "USN-3776-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3776-1/" - }, - { - "name" : "USN-3776-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3776-2/" - }, - { - "name" : "USN-3847-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3847-1/" - }, - { - "name" : "USN-3847-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3847-2/" - }, - { - "name" : "USN-3847-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3847-3/" - }, - { - "name" : "USN-3849-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3849-2/" - }, - { - "name" : "USN-3849-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3849-1/" - }, - { - "name" : "105119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105119" - }, - { - "name" : "1041529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that the raw midi kernel driver does not protect against concurrent access which 
leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3083", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3083" + }, + { + "name": "USN-3776-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3776-1/" + }, + { + "name": "USN-3776-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3776-2/" + }, + { + "name": "USN-3847-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3847-1/" + }, + { + "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" + }, + { + "name": "USN-3847-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3847-2/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902" + }, + { + "name": "USN-3849-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3849-1/" + }, + { + "name": "RHSA-2019:0415", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0415" + }, + { + "name": "USN-3849-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3849-2/" + }, + { + "name": "1041529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041529" + }, + { + "name": "DSA-4308", + "refsource": "DEBIAN", + "url": 
"https://www.debian.org/security/2018/dsa-4308" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0" + }, + { + "name": "USN-3847-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3847-3/" + }, + { + "name": "RHSA-2018:3096", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3096" + }, + { + "name": "105119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105119" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14327.json b/2018/14xxx/CVE-2018-14327.json index 0d9ab65fb8e..97d4ff4ccfa 100644 --- a/2018/14xxx/CVE-2018-14327.json +++ b/2018/14xxx/CVE-2018-14327.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the \"Web Connecton\\EE40\" and \"Web Connecton\\EE40\\BackgroundService\" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the \"Web Connecton\\EE40\\BackgroundService\" directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45501", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45501/" - }, - { - "name" : "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html", - "refsource" : "MISC", - "url" : "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html" - }, - { - "name" : "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html" - }, - { - "name" : "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/", - "refsource" : "MISC", - "url" : "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/" - }, - { - "name" : "105385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the \"Web Connecton\\EE40\" and \"Web Connecton\\EE40\\BackgroundService\" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the \"Web Connecton\\EE40\\BackgroundService\" directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html", + "refsource": "MISC", + "url": "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html" + }, + { + "name": "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/", + "refsource": "MISC", + "url": "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/" + }, + { + "name": "45501", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45501/" + }, + { + "name": "105385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105385" + }, + { + "name": "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14458.json b/2018/14xxx/CVE-2018-14458.json index c76ba134cf2..b6e946fe849 100644 --- a/2018/14xxx/CVE-2018-14458.json +++ b/2018/14xxx/CVE-2018-14458.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15149.json b/2018/15xxx/CVE-2018-15149.json index a4d1280c934..95593a96323 100644 --- a/2018/15xxx/CVE-2018-15149.json +++ b/2018/15xxx/CVE-2018-15149.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://insecurity.sh/reports/openemr.pdf", - "refsource" : "MISC", - "url" : "https://insecurity.sh/reports/openemr.pdf" - }, - { - "name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", - "refsource" : "MISC", - "url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" - }, - { - "name" : "https://github.com/openemr/openemr/pull/1757/files", - "refsource" : "CONFIRM", - "url" : "https://github.com/openemr/openemr/pull/1757/files" - }, - { - "name" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", - "refsource" : "CONFIRM", - "url" : 
"https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://insecurity.sh/reports/openemr.pdf", + "refsource": "MISC", + "url": "https://insecurity.sh/reports/openemr.pdf" + }, + { + "name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", + "refsource": "MISC", + "url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" + }, + { + "name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", + "refsource": "CONFIRM", + "url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" + }, + { + "name": "https://github.com/openemr/openemr/pull/1757/files", + "refsource": "CONFIRM", + "url": "https://github.com/openemr/openemr/pull/1757/files" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15773.json b/2018/15xxx/CVE-2018-15773.json index 401a25540f4..ce169b3d2ed 100644 --- a/2018/15xxx/CVE-2018-15773.json +++ b/2018/15xxx/CVE-2018-15773.json 
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-12-03T18:00:00.000Z", - "ID" : "CVE-2018-15773", - "STATE" : "PUBLIC", - "TITLE" : "Dell Encryption Enterprise \\ Dell Data Protection Encryption Information Disclosure Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell Encryption (formerly Dell Data Protection | Encryption)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "10.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Dell" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Dell would like to thank Jan van der Put and Harm Blankers of REQON Security for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information disclosure vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-12-03T18:00:00.000Z", + "ID": "CVE-2018-15773", + "STATE": "PUBLIC", + "TITLE": "Dell Encryption Enterprise \\ Dell Data Protection Encryption Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell Encryption (formerly Dell Data Protection | Encryption)", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "10.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en", - "refsource" : "MISC", - "url" : "https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Dell would like to thank Jan van der Put and Harm Blankers of REQON Security for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en", + "refsource": "MISC", + "url": "https://www.dell.com/support/article/us/en/04/sln314963/dell-encryption-enterprise-dell-data-protection-encryption-information-disclosure-vulnerability?lang=en" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15804.json b/2018/15xxx/CVE-2018-15804.json index 8c30bfc5424..7206e44b219 100644 --- a/2018/15xxx/CVE-2018-15804.json +++ b/2018/15xxx/CVE-2018-15804.json 
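Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2018-15773 changes from `secure@dell.com` to `security_alert@emc.com`, and it appears to be the only content change in this hunk; the other lines differ only in indentation and the spacing before the colon. ASSIGNER names the CNA contact responsible for the record, so a change to it is a provenance change that is easy to miss inside a bulk reformat whose commit subject says only that data was synchronized. The record still gives `Dell` as `vendor_name` and in the `TITLE`, so confirm against the CNA's current registration that the EMC address is intended and not an older value written back by the sync tooling. If it is not intended, the new side should keep `"ASSIGNER": "secure@dell.com",`. If it is intended, it would be better landed as its own commit so the history shows when the assigner changed.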
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://mapr.com/support/s/article/MapR-Ticket-Credentials-can-become-compromised", - "refsource" : "CONFIRM", - "url" : "https://mapr.com/support/s/article/MapR-Ticket-Credentials-can-become-compromised" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://mapr.com/support/s/article/MapR-Ticket-Credentials-can-become-compromised", + "refsource": "CONFIRM", + "url": "https://mapr.com/support/s/article/MapR-Ticket-Credentials-can-become-compromised" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/20xxx/CVE-2018-20267.json b/2018/20xxx/CVE-2018-20267.json index 4833d93e960..8a4a4bf6cbf 100644 --- a/2018/20xxx/CVE-2018-20267.json +++ b/2018/20xxx/CVE-2018-20267.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20267", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20267", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20341.json b/2018/20xxx/CVE-2018-20341.json index ef4f2a4e784..9a7b93f89af 100644 --- a/2018/20xxx/CVE-2018-20341.json +++ b/2018/20xxx/CVE-2018-20341.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20341", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20341", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20564.json b/2018/20xxx/CVE-2018-20564.json index 8d916653923..57a9d5ae39f 100644 --- a/2018/20xxx/CVE-2018-20564.json +++ b/2018/20xxx/CVE-2018-20564.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss4", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss4", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss4" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9089.json b/2018/9xxx/CVE-2018-9089.json index 3068128fad4..3b3a8a7ea14 100644 --- a/2018/9xxx/CVE-2018-9089.json +++ b/2018/9xxx/CVE-2018-9089.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9089", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9089", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9161.json b/2018/9xxx/CVE-2018-9161.json index cf4f5adccac..2b10901a040 100644 --- a/2018/9xxx/CVE-2018-9161.json +++ b/2018/9xxx/CVE-2018-9161.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44276", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44276/" - }, - { - "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php", - "refsource" : "MISC", - "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44276", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44276/" + }, + { + "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php", + "refsource": "MISC", + "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9485.json b/2018/9xxx/CVE-2018-9485.json index 54aa7d51ab3..8abaad5c753 100644 --- a/2018/9xxx/CVE-2018-9485.json +++ b/2018/9xxx/CVE-2018-9485.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9485", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9485", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file