From 65e25d2d555e7e174051ffb60ca203cfc7101cc7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:08:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0544.json | 130 ++++++++-------- 2002/0xxx/CVE-2002-0675.json | 150 +++++++++--------- 2002/0xxx/CVE-2002-0707.json | 140 ++++++++--------- 2002/0xxx/CVE-2002-0813.json | 170 ++++++++++----------- 2002/0xxx/CVE-2002-0884.json | 160 +++++++++---------- 2002/1xxx/CVE-2002-1084.json | 140 ++++++++--------- 2002/1xxx/CVE-2002-1312.json | 170 ++++++++++----------- 2002/1xxx/CVE-2002-1364.json | 160 +++++++++---------- 2002/2xxx/CVE-2002-2098.json | 150 +++++++++--------- 2002/2xxx/CVE-2002-2101.json | 140 ++++++++--------- 2002/2xxx/CVE-2002-2146.json | 140 ++++++++--------- 2005/1xxx/CVE-2005-1015.json | 120 +++++++-------- 2005/1xxx/CVE-2005-1274.json | 120 +++++++-------- 2005/1xxx/CVE-2005-1418.json | 160 +++++++++---------- 2005/1xxx/CVE-2005-1878.json | 150 +++++++++--------- 2005/1xxx/CVE-2005-1973.json | 170 ++++++++++----------- 2009/0xxx/CVE-2009-0927.json | 270 ++++++++++++++++----------------- 2009/0xxx/CVE-2009-0995.json | 170 ++++++++++----------- 2009/1xxx/CVE-2009-1254.json | 180 +++++++++++----------- 2009/1xxx/CVE-2009-1367.json | 150 +++++++++--------- 2009/1xxx/CVE-2009-1970.json | 180 +++++++++++----------- 2009/1xxx/CVE-2009-1987.json | 180 +++++++++++----------- 2009/5xxx/CVE-2009-5141.json | 160 +++++++++---------- 2012/2xxx/CVE-2012-2083.json | 180 +++++++++++----------- 2012/2xxx/CVE-2012-2582.json | 160 +++++++++---------- 2012/2xxx/CVE-2012-2624.json | 120 +++++++-------- 2012/2xxx/CVE-2012-2972.json | 180 +++++++++++----------- 2012/3xxx/CVE-2012-3319.json | 150 +++++++++--------- 2012/3xxx/CVE-2012-3475.json | 140 ++++++++--------- 2012/3xxx/CVE-2012-3689.json | 130 ++++++++-------- 2012/3xxx/CVE-2012-3941.json | 150 +++++++++--------- 2012/4xxx/CVE-2012-4301.json | 180 +++++++++++----------- 2012/4xxx/CVE-2012-4319.json | 34 ++--- 2012/4xxx/CVE-2012-4504.json | 220 +++++++++++++-------------- 2012/4xxx/CVE-2012-4563.json | 140 ++++++++--------- 2012/4xxx/CVE-2012-4736.json | 130 ++++++++-------- 2012/4xxx/CVE-2012-4766.json | 34 ++--- 2012/6xxx/CVE-2012-6156.json | 34 ++--- 2012/6xxx/CVE-2012-6379.json | 34 ++--- 2012/6xxx/CVE-2012-6679.json | 34 ++--- 2017/2xxx/CVE-2017-2396.json | 170 ++++++++++----------- 2017/2xxx/CVE-2017-2756.json | 34 ++--- 2017/2xxx/CVE-2017-2903.json | 142 ++++++++--------- 2017/6xxx/CVE-2017-6653.json | 140 ++++++++--------- 2017/6xxx/CVE-2017-6978.json | 140 ++++++++--------- 2018/11xxx/CVE-2018-11113.json | 34 ++--- 2018/11xxx/CVE-2018-11162.json | 140 ++++++++--------- 2018/11xxx/CVE-2018-11701.json | 120 +++++++-------- 2018/11xxx/CVE-2018-11769.json | 142 ++++++++--------- 2018/14xxx/CVE-2018-14277.json | 130 ++++++++-------- 2018/14xxx/CVE-2018-14413.json | 34 ++--- 2018/14xxx/CVE-2018-14449.json | 120 +++++++-------- 2018/14xxx/CVE-2018-14548.json | 34 ++--- 2018/14xxx/CVE-2018-14621.json | 160 +++++++++---------- 2018/14xxx/CVE-2018-14751.json | 34 ++--- 2018/15xxx/CVE-2018-15068.json | 34 ++--- 2018/15xxx/CVE-2018-15261.json | 34 ++--- 2018/15xxx/CVE-2018-15411.json | 250 +++++++++++++++--------------- 2018/15xxx/CVE-2018-15833.json | 150 +++++++++--------- 2018/15xxx/CVE-2018-15929.json | 140 ++++++++--------- 2018/20xxx/CVE-2018-20347.json | 34 ++--- 2018/9xxx/CVE-2018-9204.json | 34 ++--- 62 files changed, 3980 insertions(+), 3980 deletions(-) diff --git a/2002/0xxx/CVE-2002-0544.json b/2002/0xxx/CVE-2002-0544.json index ae920e79fe6..c00c68d320c 100644 --- a/2002/0xxx/CVE-2002-0544.json +++ b/2002/0xxx/CVE-2002-0544.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.aprelium.com/news/abws103.html", - "refsource" : "CONFIRM", - "url" : "http://www.aprelium.com/news/abws103.html" - }, - { - "name" : "4467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.aprelium.com/news/abws103.html", + "refsource": "CONFIRM", + "url": "http://www.aprelium.com/news/abws103.html" + }, + { + "name": "4467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4467" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0675.json b/2002/0xxx/CVE-2002-0675.json index be4a5a26ba4..40e9389bd83 100644 --- a/2002/0xxx/CVE-2002-0675.json +++ b/2002/0xxx/CVE-2002-0675.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A071202-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2002/a071202-1.txt" - }, - { - "name" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", - "refsource" : "MISC", - "url" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp" - }, - { - "name" : "5223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5223" - }, - { - "name" : "pingtel-xpressa-firmware-upgrade(9570)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9570.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5223" + }, + { + "name": "pingtel-xpressa-firmware-upgrade(9570)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9570.php" + }, + { + "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", + "refsource": "MISC", + "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp" + }, + { + "name": "A071202-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0707.json b/2002/0xxx/CVE-2002-0707.json index 9a2c90d6a74..e50bf1cd381 100644 --- a/2002/0xxx/CVE-2002-0707.json +++ b/2002/0xxx/CVE-2002-0707.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103359690824103&w=2" - }, - { - "name" : "5854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5854" - }, - { - "name" : "superscout-webfilter-get-dos(10242)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10242.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103359690824103&w=2" + }, + { + "name": "5854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5854" + }, + { + "name": "superscout-webfilter-get-dos(10242)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10242.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0813.json b/2002/0xxx/CVE-2002-0813.json index 487348316d7..a308a76000b 100644 --- a/2002/0xxx/CVE-2002-0813.json +++ b/2002/0xxx/CVE-2002-0813.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/284634" - }, - { - "name" : "20020730 TFTP Long Filename Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml" - }, - { - "name" : "20020822 Cisco IOS exploit PoC", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103002169829669&w=2" - }, - { - "name" : "cisco-tftp-filename-bo(9700)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9700.php" - }, - { - "name" : "5328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5328" - }, - { - "name" : "854", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-tftp-filename-bo(9700)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9700.php" + }, + { + "name": "20020822 Cisco IOS exploit PoC", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103002169829669&w=2" + }, + { + "name": "20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/284634" + }, + { + "name": "20020730 TFTP Long Filename Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml" + }, + { + "name": "5328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5328" + }, + { + "name": "854", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/854" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0884.json b/2002/0xxx/CVE-2002-0884.json index 16603b8c00d..51e28d86375 100644 --- a/2002/0xxx/CVE-2002-0884.json +++ b/2002/0xxx/CVE-2002-0884.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/273584" - }, - { - "name" : "20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html" - }, - { - "name" : "CSSA-2002-SCO.29", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt" - }, - { - "name" : "solaris-inrarpd-code-execution(9150)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9150.php" - }, - { - "name" : "4791", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4791" + }, + { + "name": "20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html" + }, + { + "name": "20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/273584" + }, + { + "name": "CSSA-2002-SCO.29", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt" + }, + { + "name": "solaris-inrarpd-code-execution(9150)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9150.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1084.json b/2002/1xxx/CVE-2002-1084.json index a6ae75b3b51..44498190122 100644 --- a/2002/1xxx/CVE-2002-1084.json +++ b/2002/1xxx/CVE-2002-1084.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020725 [VulnWatch] ezContents multiple vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html" - }, - { - "name" : "20020725 ezContents multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/284229" - }, - { - "name" : "ezcontents-verifylogin-post-data(9711)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9711.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020725 ezContents multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/284229" + }, + { + "name": "20020725 [VulnWatch] ezContents multiple vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html" + }, + { + "name": "ezcontents-verifylogin-post-data(9711)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9711.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1312.json b/2002/1xxx/CVE-2002-1312.json index 6345d268e1b..f64e7bc1ebb 100644 --- a/2002/1xxx/CVE-2002-1312.json +++ b/2002/1xxx/CVE-2002-1312.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021202 CORE-20021005: Vulnerability Report For Linksys Devices", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0022.html" - }, - { - "name" : "http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10", - "refsource" : "MISC", - "url" : "http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10" - }, - { - "name" : "20021119 Denial of Service Vulnerability in Linksys Cable/DSL Routers", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=36&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "6208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6208" - }, - { - "name" : "6301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6301" - }, - { - "name" : "linksys-etherfast-password-dos(10654)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021202 CORE-20021005: Vulnerability Report For Linksys Devices", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0022.html" + }, + { + "name": "6208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6208" + }, + { + "name": "6301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6301" + }, + { + "name": "20021119 Denial of Service Vulnerability in Linksys Cable/DSL Routers", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=36&type=vulnerabilities&flashstatus=true" + }, + { + "name": "http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10", + "refsource": "MISC", + "url": "http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10" + }, + { + "name": "linksys-etherfast-password-dos(10654)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10654" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1364.json b/2002/1xxx/CVE-2002-1364.json index 8738aa45fde..8822fb923cb 100644 --- a/2002/1xxx/CVE-2002-1364.json +++ b/2002/1xxx/CVE-2002-1364.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-254", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-254" - }, - { - "name" : "SuSE-SA:2002:043", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_043_traceroute_nanog_nkitb.html" - }, - { - "name" : "20021129 Exploit for traceroute-nanog overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103858895600963&w=2" - }, - { - "name" : "6166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6166" - }, - { - "name" : "traceroute-nanog-getorigin-bo(10778)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-254", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-254" + }, + { + "name": "6166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6166" + }, + { + "name": "traceroute-nanog-getorigin-bo(10778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10778" + }, + { + "name": "20021129 Exploit for traceroute-nanog overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103858895600963&w=2" + }, + { + "name": "SuSE-SA:2002:043", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_043_traceroute_nanog_nkitb.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2098.json b/2002/2xxx/CVE-2002-2098.json index 3daaa456e22..d608eb4bbfe 100644 --- a/2002/2xxx/CVE-2002-2098.json +++ b/2002/2xxx/CVE-2002-2098.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dabo.de/software/axspawn.html", - "refsource" : "CONFIRM", - "url" : "http://www.dabo.de/software/axspawn.html" - }, - { - "name" : "3824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3824" - }, - { - "name" : "1003242", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003242" - }, - { - "name" : "axspawn-pam-login-bo(7974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "axspawn-pam-login-bo(7974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7974" + }, + { + "name": "http://www.dabo.de/software/axspawn.html", + "refsource": "CONFIRM", + "url": "http://www.dabo.de/software/axspawn.html" + }, + { + "name": "3824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3824" + }, + { + "name": "1003242", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003242" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2101.json b/2002/2xxx/CVE-2002-2101.json index 693d3c904ef..1b7761b1aa3 100644 --- a/2002/2xxx/CVE-2002-2101.json +++ b/2002/2xxx/CVE-2002-2101.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an \"about:\" or \"javascript:\" URI in the href attribute of an \"a\" tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020320 Questionable security policies in Outlook 2002", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0267.html" - }, - { - "name" : "4337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4337" - }, - { - "name" : "outlook-href-url-javascript(8613)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8613.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an \"about:\" or \"javascript:\" URI in the href attribute of an \"a\" tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "outlook-href-url-javascript(8613)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8613.php" + }, + { + "name": "20020320 Questionable security policies in Outlook 2002", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0267.html" + }, + { + "name": "4337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4337" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2146.json b/2002/2xxx/CVE-2002-2146.json index 5cc2ccf685b..cbcea095791 100644 --- a/2002/2xxx/CVE-2002-2146.json +++ b/2002/2xxx/CVE-2002-2146.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020913 Savant 3.1 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0151.html" - }, - { - "name" : "savant-cgitest-bo(10102)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10102.php" - }, - { - "name" : "5706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020913 Savant 3.1 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0151.html" + }, + { + "name": "5706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5706" + }, + { + "name": "savant-cgitest-bo(10102)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10102.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1015.json b/2005/1xxx/CVE-2005-1015.json index 4ee268a1204..ef019212cf9 100644 --- a/2005/1xxx/CVE-2005-1015.json +++ b/2005/1xxx/CVE-2005-1015.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050406 Re: MailEnable Imapd remote BoF + Exploit [x0n3-h4ck]", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-April/033144.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050406 Re: MailEnable Imapd remote BoF + Exploit [x0n3-h4ck]", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-April/033144.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1274.json b/2005/1xxx/CVE-2005-1274.json index 0cfeb152a1a..4328bd5b06c 100644 --- a/2005/1xxx/CVE-2005-1274.json +++ b/2005/1xxx/CVE-2005-1274.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long \"If\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050426 MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=236&type=vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long \"If\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050426 MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=236&type=vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1418.json b/2005/1xxx/CVE-2005-1418.json index d34e40d9bdb..2458e09684c 100644 --- a/2005/1xxx/CVE-2005-1418.json +++ b/2005/1xxx/CVE-2005-1418.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13442" - }, - { - "name" : "14687", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14687" - }, - { - "name" : "1013826", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013826" - }, - { - "name" : "15184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15184" - }, - { - "name" : "notjustbrowsing-password-disclosure(20319)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "notjustbrowsing-password-disclosure(20319)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20319" + }, + { + "name": "13442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13442" + }, + { + "name": "1013826", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013826" + }, + { + "name": "14687", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14687" + }, + { + "name": "15184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15184" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1878.json b/2005/1xxx/CVE-2005-1878.json index 2c35f04afbc..efbb534e58f 100644 --- a/2005/1xxx/CVE-2005-1878.json +++ b/2005/1xxx/CVE-2005-1878.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050606 GIPTables Firewall <= v1.1 insecure temporary file creation", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034423.html" - }, - { - "name" : "http://www.zataz.net/adviso/giptables-05222005.txt", - "refsource" : "MISC", - "url" : "http://www.zataz.net/adviso/giptables-05222005.txt" - }, - { - "name" : "1014109", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014109" - }, - { - "name" : "15604", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15604", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15604" + }, + { + "name": "20050606 GIPTables Firewall <= v1.1 insecure temporary file creation", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034423.html" + }, + { + "name": "1014109", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014109" + }, + { + "name": "http://www.zataz.net/adviso/giptables-05222005.txt", + "refsource": "MISC", + "url": "http://www.zataz.net/adviso/giptables-05222005.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1973.json b/2005/1xxx/CVE-2005-1973.json index 76aa997f470..4fb0aa78cb1 100644 --- a/2005/1xxx/CVE-2005-1973.json +++ b/2005/1xxx/CVE-2005-1973.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "101748", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1" - }, - { - "name" : "HPSBUX01214", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=112870351003598&w=2" - }, - { - "name" : "SSRT051003", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=112870351003598&w=2" - }, - { - "name" : "13958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13958" - }, - { - "name" : "13945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13945" - }, - { - "name" : "61", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/61" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX01214", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=112870351003598&w=2" + }, + { + "name": "SSRT051003", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=112870351003598&w=2" + }, + { + "name": "101748", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1" + }, + { + "name": "13945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13945" + }, + { + "name": "13958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13958" + }, + { + "name": "61", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/61" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0927.json b/2009/0xxx/CVE-2009-0927.json index 885635fdb09..06872e8b422 100644 --- a/2009/0xxx/CVE-2009-0927.json +++ b/2009/0xxx/CVE-2009-0927.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502116/100/0/threaded" - }, - { - "name" : "9579", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9579" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-014", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-014" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-04.html" - }, - { - "name" : "GLSA-200904-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-17.xml" - }, - { - "name" : "256788", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1" - }, - { - "name" : "SUSE-SA:2009:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html" - }, - { - "name" : "SUSE-SR:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" - }, - { - "name" : "34169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34169" - }, - { - "name" : "1021861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021861" - }, - { - "name" : "34490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34490" - }, - { - "name" : "34706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34706" - }, - { - "name" : "34790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34790" - }, - { - "name" : "ADV-2009-0770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0770" - }, - { - "name" : "ADV-2009-1019", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1019" - }, - { - "name" : "adobe-unspecified-javascript-code-execution(49312)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-014", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-014" + }, + { + "name": "9579", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9579" + }, + { + "name": "34169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34169" + }, + { + "name": "34790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34790" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html" + }, + { + "name": "1021861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021861" + }, + { + "name": "ADV-2009-0770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0770" + }, + { + "name": "34490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34490" + }, + { + "name": "SUSE-SA:2009:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html" + }, + { + "name": "20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502116/100/0/threaded" + }, + { + "name": "34706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34706" + }, + { + "name": "256788", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1" + }, + { + "name": "GLSA-200904-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml" + }, + { + "name": "SUSE-SR:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" + }, + { + "name": "ADV-2009-1019", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1019" + }, + { + "name": "adobe-unspecified-javascript-code-execution(49312)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0995.json b/2009/0xxx/CVE-2009-0995.json index 9ab55b90f23..a835b9dcce4 100644 --- a/2009/0xxx/CVE-2009-0995.json +++ b/2009/0xxx/CVE-2009-0995.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53754", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53754" - }, - { - "name" : "1022056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022056" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "53754", + "refsource": "OSVDB", + "url": "http://osvdb.org/53754" + }, + { + "name": "1022056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022056" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1254.json b/2009/1xxx/CVE-2009-1254.json index 674bec7762a..dd92843ff12 100644 --- a/2009/1xxx/CVE-2009-1254.json +++ b/2009/1xxx/CVE-2009-1254.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/bugs/314591", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/314591" - }, - { - "name" : "https://launchpad.net/bugs/cve/2009-1254", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/cve/2009-1254" - }, - { - "name" : "DSA-1764", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1764" - }, - { - "name" : "34418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34418" - }, - { - "name" : "53427", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53427" - }, - { - "name" : "34643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34643" - }, - { - "name" : "ADV-2009-0972", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.net/bugs/314591", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/314591" + }, + { + "name": "https://launchpad.net/bugs/cve/2009-1254", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/cve/2009-1254" + }, + { + "name": "34418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34418" + }, + { + "name": "ADV-2009-0972", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0972" + }, + { + "name": "53427", + "refsource": "OSVDB", + "url": "http://osvdb.org/53427" + }, + { + "name": "34643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34643" + }, + { + "name": "DSA-1764", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1764" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1367.json b/2009/1xxx/CVE-2009-1367.json index 096dda99bba..2c85220033d 100644 --- a/2009/1xxx/CVE-2009-1367.json +++ b/2009/1xxx/CVE-2009-1367.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8394", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8394" - }, - { - "name" : "http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog", - "refsource" : "CONFIRM", - "url" : "http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog" - }, - { - "name" : "34474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34474" - }, - { - "name" : "mozilocms-indexphp-xss(49812)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mozilocms-indexphp-xss(49812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49812" + }, + { + "name": "http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog", + "refsource": "CONFIRM", + "url": "http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog" + }, + { + "name": "8394", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8394" + }, + { + "name": "34474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34474" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1970.json b/2009/1xxx/CVE-2009-1970.json index 50c60270389..0151f2896d4 100644 --- a/2009/1xxx/CVE-2009-1970.json +++ b/2009/1xxx/CVE-2009-1970.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-0991." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "35683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35683" - }, - { - "name" : "55891", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55891" - }, - { - "name" : "1022560", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022560" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "ADV-2009-1900", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "oracle-db-listener-unspecified(51756)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-0991." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "35683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35683" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "1022560", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022560" + }, + { + "name": "55891", + "refsource": "OSVDB", + "url": "http://osvdb.org/55891" + }, + { + "name": "oracle-db-listener-unspecified(51756)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51756" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1987.json b/2009/1xxx/CVE-2009-1987.json index ca446a8028d..9eff3f10dca 100644 --- a/2009/1xxx/CVE-2009-1987.json +++ b/2009/1xxx/CVE-2009-1987.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.21 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "35691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35691" - }, - { - "name" : "55909", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55909" - }, - { - "name" : "1022566", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022566" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "ADV-2009-1900", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "oracle-pse-jdee-pepep-unspecified(51769)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.21 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "oracle-pse-jdee-pepep-unspecified(51769)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51769" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "35691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35691" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "1022566", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022566" + }, + { + "name": "55909", + "refsource": "OSVDB", + "url": "http://osvdb.org/55909" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5141.json b/2009/5xxx/CVE-2009-5141.json index b5356caaa4f..0497f295b26 100644 --- a/2009/5xxx/CVE-2009-5141.json +++ b/2009/5xxx/CVE-2009-5141.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090912 War FTP Daemon Remote Denial Of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-09/0105.html" - }, - { - "name" : "9622", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9622" - }, - { - "name" : "https://www.corelan.be/index.php/forum/security-advisories-archive-2009/corelan-09001-warftpd-1-82-rc12-dos/", - "refsource" : "MISC", - "url" : "https://www.corelan.be/index.php/forum/security-advisories-archive-2009/corelan-09001-warftpd-1-82-rc12-dos/" - }, - { - "name" : "http://www.warftp.org/index.php?menu=338&cmd=show_article&article_id=1003", - "refsource" : "CONFIRM", - "url" : "http://www.warftp.org/index.php?menu=338&cmd=show_article&article_id=1003" - }, - { - "name" : "62599", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62599", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62599" + }, + { + "name": "9622", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9622" + }, + { + "name": "20090912 War FTP Daemon Remote Denial Of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-09/0105.html" + }, + { + "name": "http://www.warftp.org/index.php?menu=338&cmd=show_article&article_id=1003", + "refsource": "CONFIRM", + "url": "http://www.warftp.org/index.php?menu=338&cmd=show_article&article_id=1003" + }, + { + "name": "https://www.corelan.be/index.php/forum/security-advisories-archive-2009/corelan-09001-warftpd-1-82-rc12-dos/", + "refsource": "MISC", + "url": "https://www.corelan.be/index.php/forum/security-advisories-archive-2009/corelan-09001-warftpd-1-82-rc12-dos/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2083.json b/2012/2xxx/CVE-2012-2083.json index 08798a15e1b..f21f04a6a7c 100644 --- a/2012/2xxx/CVE-2012-2083.json +++ b/2012/2xxx/CVE-2012-2083.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1507510", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1507510" - }, - { - "name" : "http://drupal.org/node/1506600", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1506600" - }, - { - "name" : "http://drupalcode.org/project/fusion.git/commit/f7cee3d", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/fusion.git/commit/f7cee3d" - }, - { - "name" : "52798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52798" - }, - { - "name" : "80680", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80680" - }, - { - "name" : "48606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1506600", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1506600" + }, + { + "name": "http://drupalcode.org/project/fusion.git/commit/f7cee3d", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/fusion.git/commit/f7cee3d" + }, + { + "name": "80680", + "refsource": "OSVDB", + "url": "http://osvdb.org/80680" + }, + { + "name": "48606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48606" + }, + { + "name": "52798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52798" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "http://drupal.org/node/1507510", + "refsource": "MISC", + "url": "http://drupal.org/node/1507510" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2582.json b/2012/2xxx/CVE-2012-2582.json index fd1277d32b8..ca7d62deb62 100644 --- a/2012/2xxx/CVE-2012-2582.json +++ b/2012/2xxx/CVE-2012-2582.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/", - "refsource" : "CONFIRM", - "url" : "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/" - }, - { - "name" : "DSA-2536", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2536" - }, - { - "name" : "openSUSE-SU-2012:1105", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html" - }, - { - "name" : "VU#582879", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582879" - }, - { - "name" : "50513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:1105", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html" + }, + { + "name": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/", + "refsource": "CONFIRM", + "url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/" + }, + { + "name": "VU#582879", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582879" + }, + { + "name": "50513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50513" + }, + { + "name": "DSA-2536", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2536" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2624.json b/2012/2xxx/CVE-2012-2624.json index b9564d428c9..266883e35af 100644 --- a/2012/2xxx/CVE-2012-2624.json +++ b/2012/2xxx/CVE-2012-2624.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121009 BufferOverflow Vulnerability on Logica HotScan SWIFT Alliance Access Interface", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2012/Oct/50" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20121009 BufferOverflow Vulnerability on Logica HotScan SWIFT Alliance Access Interface", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2012/Oct/50" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2972.json b/2012/2xxx/CVE-2012-2972.json index 1aa5664f62e..fcd75d9ccec 100644 --- a/2012/2xxx/CVE-2012-2972.json +++ b/2012/2xxx/CVE-2012-2972.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130114 Updated - CA20121018-01: Security Notice for CA ARCserve Backup", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jan/86" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={F9EEA31E-8089-423E-B746-41B5C9DD2AC1}", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={F9EEA31E-8089-423E-B746-41B5C9DD2AC1}" - }, - { - "name" : "http://packetstormsecurity.com/files/119543/Security-Notice-For-CA-ARCserve-Backup.html", - "refsource" : "CONFIRM", - "url" : "http://packetstormsecurity.com/files/119543/Security-Notice-For-CA-ARCserve-Backup.html" - }, - { - "name" : "VU#408099", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/408099" - }, - { - "name" : "86415", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86415" - }, - { - "name" : "51012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51012" - }, - { - "name" : "arcserve-backup-rpc-dos(79477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130114 Updated - CA20121018-01: Security Notice for CA ARCserve Backup", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jan/86" + }, + { + "name": "arcserve-backup-rpc-dos(79477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79477" + }, + { + "name": "86415", + "refsource": "OSVDB", + "url": "http://osvdb.org/86415" + }, + { + "name": "VU#408099", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/408099" + }, + { + "name": "51012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51012" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={F9EEA31E-8089-423E-B746-41B5C9DD2AC1}", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={F9EEA31E-8089-423E-B746-41B5C9DD2AC1}" + }, + { + "name": "http://packetstormsecurity.com/files/119543/Security-Notice-For-CA-ARCserve-Backup.html", + "refsource": "CONFIRM", + "url": "http://packetstormsecurity.com/files/119543/Security-Notice-For-CA-ARCserve-Backup.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3319.json b/2012/3xxx/CVE-2012-3319.json index 5192bd5ec81..fb969ad8c0d 100644 --- a/2012/3xxx/CVE-2012-3319.json +++ b/2012/3xxx/CVE-2012-3319.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21612314", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21612314" - }, - { - "name" : "55718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55718" - }, - { - "name" : "85867", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85867" - }, - { - "name" : "ibm-rbd-webservices-info-disclosure(78726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21612314", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612314" + }, + { + "name": "ibm-rbd-webservices-info-disclosure(78726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78726" + }, + { + "name": "85867", + "refsource": "OSVDB", + "url": "http://osvdb.org/85867" + }, + { + "name": "55718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55718" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3475.json b/2012/3xxx/CVE-2012-3475.json index 3bb57bec7e0..7b2bc38adb4 100644 --- a/2012/3xxx/CVE-2012-3475.json +++ b/2012/3xxx/CVE-2012-3475.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120809 Re: CVE request for Ushahidi", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/08/09/5" - }, - { - "name" : "https://github.com/ushahidi/Ushahidi_Web/commit/7892559", - "refsource" : "CONFIRM", - "url" : "https://github.com/ushahidi/Ushahidi_Web/commit/7892559" - }, - { - "name" : "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03", - "refsource" : "CONFIRM", - "url" : "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120809 Re: CVE request for Ushahidi", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/08/09/5" + }, + { + "name": "https://github.com/ushahidi/Ushahidi_Web/commit/7892559", + "refsource": "CONFIRM", + "url": "https://github.com/ushahidi/Ushahidi_Web/commit/7892559" + }, + { + "name": "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03", + "refsource": "CONFIRM", + "url": "https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3689.json b/2012/3xxx/CVE-2012-3689.json index a4aec01d677..dcb34fa77ae 100644 --- a/2012/3xxx/CVE-2012-3689.json +++ b/2012/3xxx/CVE-2012-3689.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3941.json b/2012/3xxx/CVE-2012-3941.json index 5667afa4731..c5f7887aebd 100644 --- a/2012/3xxx/CVE-2012-3941.json +++ b/2012/3xxx/CVE-2012-3941.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-3941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex" - }, - { - "name" : "55866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55866" - }, - { - "name" : "86140", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86140" - }, - { - "name" : "1027639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86140", + "refsource": "OSVDB", + "url": "http://osvdb.org/86140" + }, + { + "name": "1027639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027639" + }, + { + "name": "55866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55866" + }, + { + "name": "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4301.json b/2012/4xxx/CVE-2012-4301.json index cfedf76475e..c28a460ca80 100644 --- a/2012/4xxx/CVE-2012-4301.json +++ b/2012/4xxx/CVE-2012-4301.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that this issue allows remote attackers to execute arbitrary code via an \"invalid type case\" in the init method of the D3DShader class in the com.sun.prism.d3d package. CPU." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130201 Oracle Java SE JavaFx D3DShader Invalid Type Cast Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1027" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "oval:org.mitre.oval:def:16180", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that this issue allows remote attackers to execute arbitrary code via an \"invalid type case\" in the init method of the D3DShader class in the com.sun.prism.d3d package. CPU." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "oval:org.mitre.oval:def:16180", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16180" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "20130201 Oracle Java SE JavaFx D3DShader Invalid Type Cast Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1027" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4319.json b/2012/4xxx/CVE-2012-4319.json index f6f0f85a4b1..b074151008b 100644 --- a/2012/4xxx/CVE-2012-4319.json +++ b/2012/4xxx/CVE-2012-4319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4504.json b/2012/4xxx/CVE-2012-4504.json index e5c3e473093..6cdbc5f36b3 100644 --- a/2012/4xxx/CVE-2012-4504.json +++ b/2012/4xxx/CVE-2012-4504.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121012 Re: libproxy PAC downloading buffer overflows", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/12/5" - }, - { - "name" : "[oss-security] 20121012 libproxy PAC downloading buffer overflows", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/12/1" - }, - { - "name" : "[oss-security] 20121016 Re: libproxy PAC downloading buffer overflows", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/16/3" - }, - { - "name" : "http://code.google.com/p/libproxy/source/detail?r=853", - "refsource" : "MISC", - "url" : "http://code.google.com/p/libproxy/source/detail?r=853" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=864417", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=864417" - }, - { - "name" : "https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E" - }, - { - "name" : "openSUSE-SU-2012:1375", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html" - }, - { - "name" : "USN-1629-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1629-1" - }, - { - "name" : "55909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55909" - }, - { - "name" : "51048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51048" - }, - { - "name" : "libproxy-urlgetpac-bo(79249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:1375", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html" + }, + { + "name": "51048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51048" + }, + { + "name": "55909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55909" + }, + { + "name": "https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=864417", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=864417" + }, + { + "name": "USN-1629-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1629-1" + }, + { + "name": "[oss-security] 20121012 libproxy PAC downloading buffer overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/12/1" + }, + { + "name": "[oss-security] 20121012 Re: libproxy PAC downloading buffer overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/12/5" + }, + { + "name": "http://code.google.com/p/libproxy/source/detail?r=853", + "refsource": "MISC", + "url": "http://code.google.com/p/libproxy/source/detail?r=853" + }, + { + "name": "libproxy-urlgetpac-bo(79249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79249" + }, + { + "name": "[oss-security] 20121016 Re: libproxy PAC downloading buffer overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/16/3" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4563.json b/2012/4xxx/CVE-2012-4563.json index b03c735f856..7394b0b1bdc 100644 --- a/2012/4xxx/CVE-2012-4563.json +++ b/2012/4xxx/CVE-2012-4563.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121030 Re: CVE request: XSS is Google Web Toolkit (GWT)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/31/1" - }, - { - "name" : "https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0", - "refsource" : "CONFIRM", - "url" : "https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0" - }, - { - "name" : "56336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56336" + }, + { + "name": "https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0", + "refsource": "CONFIRM", + "url": "https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0" + }, + { + "name": "[oss-security] 20121030 Re: CVE request: XSS is Google Web Toolkit (GWT)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/31/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4736.json b/2012/4xxx/CVE-2012-4736.json index 8b3bcc018ae..0639bdeec07 100644 --- a/2012/4xxx/CVE-2012-4736.json +++ b/2012/4xxx/CVE-2012-4736.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sophos.com/support/knowledgebase/1376/1380/114138.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.sophos.com/support/knowledgebase/1376/1380/114138.aspx" - }, - { - "name" : "sge-exfat-usbflash-security-bypass(78580)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sophos.com/support/knowledgebase/1376/1380/114138.aspx", + "refsource": "CONFIRM", + "url": "http://www.sophos.com/support/knowledgebase/1376/1380/114138.aspx" + }, + { + "name": "sge-exfat-usbflash-security-bypass(78580)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78580" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4766.json b/2012/4xxx/CVE-2012-4766.json index c9a3e43f5de..9ea13a192aa 100644 --- a/2012/4xxx/CVE-2012-4766.json +++ b/2012/4xxx/CVE-2012-4766.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4766", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4766", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6156.json b/2012/6xxx/CVE-2012-6156.json index e2c3141725d..ce33bbef3a6 100644 --- a/2012/6xxx/CVE-2012-6156.json +++ b/2012/6xxx/CVE-2012-6156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6379.json b/2012/6xxx/CVE-2012-6379.json index ccc98ae9e0e..2847ece3d58 100644 --- a/2012/6xxx/CVE-2012-6379.json +++ b/2012/6xxx/CVE-2012-6379.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6379", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6379", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6679.json b/2012/6xxx/CVE-2012-6679.json index af14c12181f..4383869cdfe 100644 --- a/2012/6xxx/CVE-2012-6679.json +++ b/2012/6xxx/CVE-2012-6679.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6679", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6679", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2396.json b/2017/2xxx/CVE-2017-2396.json index f0d68ba8c0e..81433060efb 100644 --- a/2017/2xxx/CVE-2017-2396.json +++ b/2017/2xxx/CVE-2017-2396.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "97130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97130" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "97130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97130" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2756.json b/2017/2xxx/CVE-2017-2756.json index dbb907ff01c..c556f2934af 100644 --- a/2017/2xxx/CVE-2017-2756.json +++ b/2017/2xxx/CVE-2017-2756.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2756", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2756", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2903.json b/2017/2xxx/CVE-2017-2903.json index b0e0f6474c2..5f6d16d25d2 100644 --- a/2017/2xxx/CVE-2017-2903.json +++ b/2017/2xxx/CVE-2017-2903.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-01-11T00:00:00", - "ID" : "CVE-2017-2903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Blender", - "version" : { - "version_data" : [ - { - "version_value" : "v2.78c" - } - ] - } - } - ] - }, - "vendor_name" : "Blender" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-01-11T00:00:00", + "ID": "CVE-2017-2903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Blender", + "version": { + "version_data": [ + { + "version_value": "v2.78c" + } + ] + } + } + ] + }, + "vendor_name": "Blender" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html" - }, - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410" - }, - { - "name" : "DSA-4248", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html" + }, + { + "name": "DSA-4248", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4248" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6653.json b/2017/6xxx/CVE-2017-6653.json index 2350e655663..9c399d59d5a 100644 --- a/2017/6xxx/CVE-2017-6653.json +++ b/2017/6xxx/CVE-2017-6653.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Identity Services Engine" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine", + "version": { + "version_data": [ + { + "version_value": "Cisco Identity Services Engine" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise" - }, - { - "name" : "98536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98536" - }, - { - "name" : "1038516", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98536" + }, + { + "name": "1038516", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038516" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6978.json b/2017/6xxx/CVE-2017-6978.json index 43b7325a99b..9a0647ebbe4 100644 --- a/2017/6xxx/CVE-2017-6978.json +++ b/2017/6xxx/CVE-2017-6978.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-6978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Accessibility Framework\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-6978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42056", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42056/" - }, - { - "name" : "https://support.apple.com/HT207797", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207797" - }, - { - "name" : "1038484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Accessibility Framework\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038484" + }, + { + "name": "https://support.apple.com/HT207797", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207797" + }, + { + "name": "42056", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42056/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11113.json b/2018/11xxx/CVE-2018-11113.json index df3d796227a..0280b6bcbcb 100644 --- a/2018/11xxx/CVE-2018-11113.json +++ b/2018/11xxx/CVE-2018-11113.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11162.json b/2018/11xxx/CVE-2018-11162.json index f454544c701..a03aaaa1a4c 100644 --- a/2018/11xxx/CVE-2018-11162.json +++ b/2018/11xxx/CVE-2018-11162.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11701.json b/2018/11xxx/CVE-2018-11701.json index d0d0bc2a9b5..5f746be3d30 100644 --- a/2018/11xxx/CVE-2018-11701.json +++ b/2018/11xxx/CVE-2018-11701.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701", - "refsource" : "MISC", - "url" : "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701", + "refsource": "MISC", + "url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11769.json b/2018/11xxx/CVE-2018-11769.json index aab15ded2d7..ccdca2d7558 100644 --- a/2018/11xxx/CVE-2018-11769.json +++ b/2018/11xxx/CVE-2018-11769.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-08-08T00:00:00", - "ID" : "CVE-2018-11769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache CouchDB", - "version" : { - "version_data" : [ - { - "version_value" : "Apache Tomcat 1.x and =2.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-08-08T00:00:00", + "ID": "CVE-2018-11769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache CouchDB", + "version": { + "version_data": [ + { + "version_value": "Apache Tomcat 1.x and =2.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E", - "refsource" : "MISC", - "url" : "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E" - }, - { - "name" : "GLSA-201812-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201812-06" - }, - { - "name" : "105046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105046" + }, + { + "name": "GLSA-201812-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201812-06" + }, + { + "name": "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E", + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14277.json b/2018/14xxx/CVE-2018-14277.json index 39c171b87cf..ab708437842 100644 --- a/2018/14xxx/CVE-2018-14277.json +++ b/2018/14xxx/CVE-2018-14277.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-737", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-737" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-737", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-737" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14413.json b/2018/14xxx/CVE-2018-14413.json index c8d69388974..5669ff6365f 100644 --- a/2018/14xxx/CVE-2018-14413.json +++ b/2018/14xxx/CVE-2018-14413.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14413", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14413", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14449.json b/2018/14xxx/CVE-2018-14449.json index a4845bcbb5f..685305b2876 100644 --- a/2018/14xxx/CVE-2018-14449.json +++ b/2018/14xxx/CVE-2018-14449.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14548.json b/2018/14xxx/CVE-2018-14548.json index 3aec216c62b..f63e461874e 100644 --- a/2018/14xxx/CVE-2018-14548.json +++ b/2018/14xxx/CVE-2018-14548.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14548", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14548", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14621.json b/2018/14xxx/CVE-2018-14621.json index 51311fb6b7c..0ccc95d7135 100644 --- a/2018/14xxx/CVE-2018-14621.json +++ b/2018/14xxx/CVE-2018-14621.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-14621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libtirpc", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.2-rc2" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-835" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libtirpc", + "version": { + "version_data": [ + { + "version_value": "1.0.2-rc2" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b", - "refsource" : "CONFIRM", - "url" : "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=968175", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=968175" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-835" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621" + }, + { + "name": "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b", + "refsource": "CONFIRM", + "url": "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=968175", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=968175" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14751.json b/2018/14xxx/CVE-2018-14751.json index e5b8e6aa657..04c2850c012 100644 --- a/2018/14xxx/CVE-2018-14751.json +++ b/2018/14xxx/CVE-2018-14751.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14751", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14751", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15068.json b/2018/15xxx/CVE-2018-15068.json index 2924c72a37a..2f43a771f1d 100644 --- a/2018/15xxx/CVE-2018-15068.json +++ b/2018/15xxx/CVE-2018-15068.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15068", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15068", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15261.json b/2018/15xxx/CVE-2018-15261.json index f59e91e28e2..2d0c7139488 100644 --- a/2018/15xxx/CVE-2018-15261.json +++ b/2018/15xxx/CVE-2018-15261.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15261", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15261", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15411.json b/2018/15xxx/CVE-2018-15411.json index 1b37039f8a7..1736c58a3f8 100644 --- a/2018/15xxx/CVE-2018-15411.json +++ b/2018/15xxx/CVE-2018-15411.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15411", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx WRF Player ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." - } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "7.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15411", + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx WRF Player ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce" - }, - { - "name" : "105520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105520" - }, - { - "name" : "1041795", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041795" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-webex-rce", - "defect" : [ - [ - "CSCvj83752", - "CSCvj83767", - "CSCvj83771", - "CSCvj83793", - "CSCvj83797", - "CSCvj83803", - "CSCvj83818", - "CSCvj83824", - "CSCvj83831", - "CSCvj87929", - "CSCvj87934", - "CSCvj93870", - "CSCvj93877", - "CSCvk31089", - "CSCvk33049", - "CSCvk52510", - "CSCvk52518", - "CSCvk52521", - "CSCvk59945", - "CSCvk59949", - "CSCvk59950", - "CSCvk60158", - "CSCvk60163", - "CSCvm51315", - "CSCvm51318", - "CSCvm51361", - "CSCvm51371", - "CSCvm51373", - "CSCvm51374", - "CSCvm51382", - "CSCvm51386", - "CSCvm51391", - "CSCvm51393", - "CSCvm51396", - "CSCvm51398", - "CSCvm51412", - "CSCvm51413", - "CSCvm54531", - "CSCvm54538" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041795", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041795" + }, + { + "name": "105520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105520" + }, + { + "name": "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-webex-rce", + "defect": [ + [ + "CSCvj83752", + "CSCvj83767", + "CSCvj83771", + "CSCvj83793", + "CSCvj83797", + "CSCvj83803", + "CSCvj83818", + "CSCvj83824", + "CSCvj83831", + "CSCvj87929", + "CSCvj87934", + "CSCvj93870", + "CSCvj93877", + "CSCvk31089", + "CSCvk33049", + "CSCvk52510", + "CSCvk52518", + "CSCvk52521", + "CSCvk59945", + "CSCvk59949", + "CSCvk59950", + "CSCvk60158", + "CSCvk60163", + "CSCvm51315", + "CSCvm51318", + "CSCvm51361", + "CSCvm51371", + "CSCvm51373", + "CSCvm51374", + "CSCvm51382", + "CSCvm51386", + "CSCvm51391", + "CSCvm51393", + "CSCvm51396", + "CSCvm51398", + "CSCvm51412", + "CSCvm51413", + "CSCvm54531", + "CSCvm54538" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15833.json b/2018/15xxx/CVE-2018-15833.json index 68c9879269f..a0b41dce0d3 100644 --- a/2018/15xxx/CVE-2018-15833.json +++ b/2018/15xxx/CVE-2018-15833.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/326434", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/326434" - }, - { - "name" : "https://open.vanillaforums.com/discussion/36559", - "refsource" : "MISC", - "url" : "https://open.vanillaforums.com/discussion/36559" - }, - { - "name" : "https://twitter.com/viperbluff/status/1033067882941304832", - "refsource" : "MISC", - "url" : "https://twitter.com/viperbluff/status/1033067882941304832" - }, - { - "name" : "https://twitter.com/viperbluff/status/1033640333890834433", - "refsource" : "MISC", - "url" : "https://twitter.com/viperbluff/status/1033640333890834433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/viperbluff/status/1033067882941304832", + "refsource": "MISC", + "url": "https://twitter.com/viperbluff/status/1033067882941304832" + }, + { + "name": "https://open.vanillaforums.com/discussion/36559", + "refsource": "MISC", + "url": "https://open.vanillaforums.com/discussion/36559" + }, + { + "name": "https://hackerone.com/reports/326434", + "refsource": "MISC", + "url": "https://hackerone.com/reports/326434" + }, + { + "name": "https://twitter.com/viperbluff/status/1033640333890834433", + "refsource": "MISC", + "url": "https://twitter.com/viperbluff/status/1033640333890834433" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15929.json b/2018/15xxx/CVE-2018-15929.json index e22945e3188..783af422e8f 100644 --- a/2018/15xxx/CVE-2018-15929.json +++ b/2018/15xxx/CVE-2018-15929.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105432" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105432" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20347.json b/2018/20xxx/CVE-2018-20347.json index 1b6740eb7aa..f64a5403be6 100644 --- a/2018/20xxx/CVE-2018-20347.json +++ b/2018/20xxx/CVE-2018-20347.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20347", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20347", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9204.json b/2018/9xxx/CVE-2018-9204.json index 53d7f20f338..9296a560d08 100644 --- a/2018/9xxx/CVE-2018-9204.json +++ b/2018/9xxx/CVE-2018-9204.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9204", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9204", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file