diff --git a/2002/0xxx/CVE-2002-0388.json b/2002/0xxx/CVE-2002-0388.json
index e5d32af96ec..4e972ed1cf4 100644
--- a/2002/0xxx/CVE-2002-0388.json
+++ b/2002/0xxx/CVE-2002-0388.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0388",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0388",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html",
- "refsource" : "CONFIRM",
- "url" : "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html"
- },
- {
- "name" : "4826",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4826"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html",
+ "refsource": "CONFIRM",
+ "url": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html"
+ },
+ {
+ "name": "4826",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4826"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0604.json b/2002/0xxx/CVE-2002-0604.json
index 1e2b217d9c2..426c3556753 100644
--- a/2002/0xxx/CVE-2002-0604.json
+++ b/2002/0xxx/CVE-2002-0604.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0604",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0604",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=102035583114759&w=2"
- },
- {
- "name" : "20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html"
- },
- {
- "name" : "http://www.snapgear.com/releases.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.snapgear.com/releases.html"
- },
- {
- "name" : "snapgear-vpn-ipoptions-dos(8988)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8988.php"
- },
- {
- "name" : "4660",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4660"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "4660",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4660"
+ },
+ {
+ "name": "http://www.snapgear.com/releases.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.snapgear.com/releases.html"
+ },
+ {
+ "name": "20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html"
+ },
+ {
+ "name": "snapgear-vpn-ipoptions-dos(8988)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8988.php"
+ },
+ {
+ "name": "20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=102035583114759&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0670.json b/2002/0xxx/CVE-2002-0670.json
index 3b380ebdff0..103cb547b62 100644
--- a/2002/0xxx/CVE-2002-0670.json
+++ b/2002/0xxx/CVE-2002-0670.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0670",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0670",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "A071202-1",
- "refsource" : "ATSTAKE",
- "url" : "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
- },
- {
- "name" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
- "refsource" : "CONFIRM",
- "url" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
- },
- {
- "name" : "pingtel-xpressa-plaintext-passwords(9565)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9565.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "pingtel-xpressa-plaintext-passwords(9565)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9565.php"
+ },
+ {
+ "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
+ "refsource": "CONFIRM",
+ "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
+ },
+ {
+ "name": "A071202-1",
+ "refsource": "ATSTAKE",
+ "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0893.json b/2002/0xxx/CVE-2002-0893.json
index 59c24ea5493..736f5168b99 100644
--- a/2002/0xxx/CVE-2002-0893.json
+++ b/2002/0xxx/CVE-2002-0893.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0893",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing \"..%5c\" (modified dot-dot) sequences."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0893",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/273615"
- },
- {
- "name" : "20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html"
- },
- {
- "name" : "servletexec-dotdot-directory-traversal(9140)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9140.php"
- },
- {
- "name" : "4795",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4795"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing \"..%5c\" (modified dot-dot) sequences."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/273615"
+ },
+ {
+ "name": "4795",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4795"
+ },
+ {
+ "name": "servletexec-dotdot-directory-traversal(9140)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9140.php"
+ },
+ {
+ "name": "20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1236.json b/2002/1xxx/CVE-2002-1236.json
index db06fb6c72f..84344b45708 100644
--- a/2002/1xxx/CVE-2002-1236.json
+++ b/2002/1xxx/CVE-2002-1236.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1236",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1236",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.idefense.com/advisory/10.31.02a.txt",
- "refsource" : "MISC",
- "url" : "http://www.idefense.com/advisory/10.31.02a.txt"
- },
- {
- "name" : "20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=103616324103171&w=2"
- },
- {
- "name" : "20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html"
- },
- {
- "name" : "linksys-etherfast-gozila-dos(10514)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10514.php"
- },
- {
- "name" : "6086",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/6086"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html"
+ },
+ {
+ "name": "6086",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/6086"
+ },
+ {
+ "name": "http://www.idefense.com/advisory/10.31.02a.txt",
+ "refsource": "MISC",
+ "url": "http://www.idefense.com/advisory/10.31.02a.txt"
+ },
+ {
+ "name": "linksys-etherfast-gozila-dos(10514)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10514.php"
+ },
+ {
+ "name": "20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=103616324103171&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1240.json b/2002/1xxx/CVE-2002-1240.json
index 620b3a730d9..ae8bb98fb93 100644
--- a/2002/1xxx/CVE-2002-1240.json
+++ b/2002/1xxx/CVE-2002-1240.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1240",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1240",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1961.json b/2002/1xxx/CVE-2002-1961.json
index 9aefcdabd49..a6cdc8a391c 100644
--- a/2002/1xxx/CVE-2002-1961.json
+++ b/2002/1xxx/CVE-2002-1961.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1961",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name (FQDN) that ends in a \".\" (dot)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1961",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020904 Bypassing the Finjan SurfinGate URL filter",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0032.html"
- },
- {
- "name" : "20020904 RE: Bypassing the Finjan SurfinGate URL filter",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0043.html"
- },
- {
- "name" : "5634",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5634"
- },
- {
- "name" : "finjan-surfingate-dot-bypass(10037)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10037.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name (FQDN) that ends in a \".\" (dot)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020904 RE: Bypassing the Finjan SurfinGate URL filter",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0043.html"
+ },
+ {
+ "name": "5634",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5634"
+ },
+ {
+ "name": "20020904 Bypassing the Finjan SurfinGate URL filter",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0032.html"
+ },
+ {
+ "name": "finjan-surfingate-dot-bypass(10037)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10037.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/2xxx/CVE-2002-2164.json b/2002/2xxx/CVE-2002-2164.json
index cab694cffe7..1c6bc18bc45 100644
--- a/2002/2xxx/CVE-2002-2164.json
+++ b/2002/2xxx/CVE-2002-2164.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-2164",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long link."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-2164",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020909 Small bug crashes OE",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/291058"
- },
- {
- "name" : "20020909 Small correction...",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0082.html"
- },
- {
- "name" : "outlook-express-href-dos(10067)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10067.php"
- },
- {
- "name" : "5682",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5682"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long link."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020909 Small bug crashes OE",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/291058"
+ },
+ {
+ "name": "5682",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5682"
+ },
+ {
+ "name": "outlook-express-href-dos(10067)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10067.php"
+ },
+ {
+ "name": "20020909 Small correction...",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0082.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0345.json b/2003/0xxx/CVE-2003-0345.json
index 9acc25a69e7..a306e3713be 100644
--- a/2003/0xxx/CVE-2003-0345.json
+++ b/2003/0xxx/CVE-2003-0345.json
@@ -1,102 +1,102 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0345",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0345",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS03-024",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-024"
- },
- {
- "name" : "VU#337764",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/337764"
- },
- {
- "name" : "oval:org.mitre.oval:def:146",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A146"
- },
- {
- "name" : "win-smb-bo(12544)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12544"
- },
- {
- "name" : "8152",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/8152"
- },
- {
- "name" : "oval:org.mitre.oval:def:118",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A118"
- },
- {
- "name" : "oval:org.mitre.oval:def:3391",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3391"
- },
- {
- "name" : "1007154",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1007154"
- },
- {
- "name" : "9225",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/9225"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#337764",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/337764"
+ },
+ {
+ "name": "9225",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/9225"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:146",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A146"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:118",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A118"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:3391",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3391"
+ },
+ {
+ "name": "win-smb-bo(12544)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12544"
+ },
+ {
+ "name": "MS03-024",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-024"
+ },
+ {
+ "name": "8152",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/8152"
+ },
+ {
+ "name": "1007154",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1007154"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0768.json b/2003/0xxx/CVE-2003-0768.json
index 420d422a7ea..9ed5067a924 100644
--- a/2003/0xxx/CVE-2003-0768.json
+++ b/2003/0xxx/CVE-2003-0768.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0768",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0768",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=106304326916062&w=2"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=106304326916062&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1072.json b/2005/1xxx/CVE-2005-1072.json
index 3f9be2a2cb4..1df8475e8bc 100644
--- a/2005/1xxx/CVE-2005-1072.json
+++ b/2005/1xxx/CVE-2005-1072.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1072",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1072",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.punbb.org/",
- "refsource" : "CONFIRM",
- "url" : "http://www.punbb.org/"
- },
- {
- "name" : "14882",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/14882"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "14882",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/14882"
+ },
+ {
+ "name": "http://www.punbb.org/",
+ "refsource": "CONFIRM",
+ "url": "http://www.punbb.org/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1395.json b/2005/1xxx/CVE-2005-1395.json
index 0a091770686..64631c68297 100644
--- a/2005/1xxx/CVE-2005-1395.json
+++ b/2005/1xxx/CVE-2005-1395.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1395",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1395",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050501 DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite'",
- "refsource" : "FULLDISC",
- "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033705.html"
- },
- {
- "name" : "http://www.digitalmunition.com/DMA[2005-0501a].txt",
- "refsource" : "MISC",
- "url" : "http://www.digitalmunition.com/DMA[2005-0501a].txt"
- },
- {
- "name" : "1013855",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1013855"
- },
- {
- "name" : "15197",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/15197"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20050501 DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite'",
+ "refsource": "FULLDISC",
+ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033705.html"
+ },
+ {
+ "name": "1013855",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1013855"
+ },
+ {
+ "name": "15197",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/15197"
+ },
+ {
+ "name": "http://www.digitalmunition.com/DMA[2005-0501a].txt",
+ "refsource": "MISC",
+ "url": "http://www.digitalmunition.com/DMA[2005-0501a].txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1756.json b/2005/1xxx/CVE-2005-1756.json
index 54493f15a1e..f72dc0c6010 100644
--- a/2005/1xxx/CVE-2005-1756.json
+++ b/2005/1xxx/CVE-2005-1756.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1756",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1756",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm"
- },
- {
- "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm"
- },
- {
- "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm"
- },
- {
- "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm"
- },
- {
- "name" : "13926",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/13926"
- },
- {
- "name" : "ADV-2005-0727",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2005/0727"
- },
- {
- "name" : "17240",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/17240"
- },
- {
- "name" : "15644",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/15644"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm"
+ },
+ {
+ "name": "ADV-2005-0727",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2005/0727"
+ },
+ {
+ "name": "17240",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/17240"
+ },
+ {
+ "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm"
+ },
+ {
+ "name": "15644",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/15644"
+ },
+ {
+ "name": "13926",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/13926"
+ },
+ {
+ "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm"
+ },
+ {
+ "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1757.json b/2005/1xxx/CVE-2005-1757.json
index f8a9ea2cbca..dc525e1c8ef 100644
--- a/2005/1xxx/CVE-2005-1757.json
+++ b/2005/1xxx/CVE-2005-1757.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1757",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1757",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm"
- },
- {
- "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm"
- },
- {
- "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm"
- },
- {
- "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm"
- },
- {
- "name" : "13926",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/13926"
- },
- {
- "name" : "ADV-2005-0727",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2005/0727"
- },
- {
- "name" : "17241",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/17241"
- },
- {
- "name" : "15644",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/15644"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm"
+ },
+ {
+ "name": "ADV-2005-0727",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2005/0727"
+ },
+ {
+ "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm"
+ },
+ {
+ "name": "15644",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/15644"
+ },
+ {
+ "name": "13926",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/13926"
+ },
+ {
+ "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm"
+ },
+ {
+ "name": "17241",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/17241"
+ },
+ {
+ "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1145.json b/2009/1xxx/CVE-2009-1145.json
index 49a3b11a593..74a8b61ecd5 100644
--- a/2009/1xxx/CVE-2009-1145.json
+++ b/2009/1xxx/CVE-2009-1145.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1145",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1145",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1730.json b/2009/1xxx/CVE-2009-1730.json
index fae6f1ef44a..9776f069dbb 100644
--- a/2009/1xxx/CVE-2009-1730.json
+++ b/2009/1xxx/CVE-2009-1730.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1730",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1730",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1",
- "refsource" : "MISC",
- "url" : "http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1"
- },
- {
- "name" : "35002",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/35002"
- },
- {
- "name" : "35131",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35131"
- },
- {
- "name" : "netdecision-tftp-dir-traversal(50574)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50574"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1",
+ "refsource": "MISC",
+ "url": "http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1"
+ },
+ {
+ "name": "35131",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35131"
+ },
+ {
+ "name": "netdecision-tftp-dir-traversal(50574)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50574"
+ },
+ {
+ "name": "35002",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/35002"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1880.json b/2009/1xxx/CVE-2009-1880.json
index 99b41b8142d..ce8aa734b16 100644
--- a/2009/1xxx/CVE-2009-1880.json
+++ b/2009/1xxx/CVE-2009-1880.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1880",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1880",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "JVN#01115659",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN01115659/index.html"
- },
- {
- "name" : "JVNDB-2009-000033",
- "refsource" : "JVNDB",
- "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000033.html"
- },
- {
- "name" : "35251",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35251"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "JVN#01115659",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN01115659/index.html"
+ },
+ {
+ "name": "JVNDB-2009-000033",
+ "refsource": "JVNDB",
+ "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000033.html"
+ },
+ {
+ "name": "35251",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35251"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1956.json b/2009/1xxx/CVE-2009-1956.json
index 241368829bd..ed0e4b9866d 100644
--- a/2009/1xxx/CVE-2009-1956.json
+++ b/2009/1xxx/CVE-2009-1956.json
@@ -1,252 +1,252 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1956",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1956",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[dev] 20090424 Buffer overflow in apr_brigade_vprintf() ?",
- "refsource" : "MLIST",
- "url" : "http://www.mail-archive.com/dev@apr.apache.org/msg21591.html"
- },
- {
- "name" : "[dev] 20090424 Re: Buffer overflow in apr_brigade_vprintf() ?",
- "refsource" : "MLIST",
- "url" : "http://www.mail-archive.com/dev@apr.apache.org/msg21592.html"
- },
- {
- "name" : "[oss-security] 20090605 CVE Request (apr-util)",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2009/06/06/1"
- },
- {
- "name" : "http://svn.apache.org/viewvc?view=rev&revision=768417",
- "refsource" : "CONFIRM",
- "url" : "http://svn.apache.org/viewvc?view=rev&revision=768417"
- },
- {
- "name" : "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
- "refsource" : "CONFIRM",
- "url" : "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=504390",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
- },
- {
- "name" : "http://support.apple.com/kb/HT3937",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT3937"
- },
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
- },
- {
- "name" : "PK88341",
- "refsource" : "AIXAPAR",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
- },
- {
- "name" : "PK91241",
- "refsource" : "AIXAPAR",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
- },
- {
- "name" : "PK99478",
- "refsource" : "AIXAPAR",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
- },
- {
- "name" : "APPLE-SA-2009-11-09-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
- },
- {
- "name" : "FEDORA-2009-5969",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
- },
- {
- "name" : "FEDORA-2009-6014",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
- },
- {
- "name" : "FEDORA-2009-6261",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
- },
- {
- "name" : "GLSA-200907-03",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-200907-03.xml"
- },
- {
- "name" : "HPSBUX02612",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
- },
- {
- "name" : "SSRT100345",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
- },
- {
- "name" : "MDVSA-2009:131",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
- },
- {
- "name" : "MDVSA-2013:150",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
- },
- {
- "name" : "RHSA-2009:1107",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
- },
- {
- "name" : "RHSA-2009:1108",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
- },
- {
- "name" : "USN-786-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-786-1"
- },
- {
- "name" : "USN-787-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-787-1"
- },
- {
- "name" : "35251",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/35251"
- },
- {
- "name" : "oval:org.mitre.oval:def:11567",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11567"
- },
- {
- "name" : "oval:org.mitre.oval:def:12237",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12237"
- },
- {
- "name" : "34724",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34724"
- },
- {
- "name" : "35487",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35487"
- },
- {
- "name" : "35395",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35395"
- },
- {
- "name" : "35565",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35565"
- },
- {
- "name" : "35710",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35710"
- },
- {
- "name" : "35284",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35284"
- },
- {
- "name" : "35843",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35843"
- },
- {
- "name" : "35797",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35797"
- },
- {
- "name" : "37221",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/37221"
- },
- {
- "name" : "ADV-2009-1907",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2009/1907"
- },
- {
- "name" : "ADV-2009-3184",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2009/3184"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "35487",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35487"
+ },
+ {
+ "name": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
+ "refsource": "CONFIRM",
+ "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
+ },
+ {
+ "name": "ADV-2009-1907",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2009/1907"
+ },
+ {
+ "name": "FEDORA-2009-5969",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
+ },
+ {
+ "name": "PK88341",
+ "refsource": "AIXAPAR",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
+ },
+ {
+ "name": "MDVSA-2009:131",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
+ },
+ {
+ "name": "35395",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35395"
+ },
+ {
+ "name": "PK99478",
+ "refsource": "AIXAPAR",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
+ },
+ {
+ "name": "35284",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35284"
+ },
+ {
+ "name": "PK91241",
+ "refsource": "AIXAPAR",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
+ },
+ {
+ "name": "[oss-security] 20090605 CVE Request (apr-util)",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2009/06/06/1"
+ },
+ {
+ "name": "35251",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/35251"
+ },
+ {
+ "name": "35843",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35843"
+ },
+ {
+ "name": "FEDORA-2009-6014",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
+ },
+ {
+ "name": "RHSA-2009:1108",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
+ },
+ {
+ "name": "HPSBUX02612",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
+ },
+ {
+ "name": "35797",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35797"
+ },
+ {
+ "name": "http://svn.apache.org/viewvc?view=rev&revision=768417",
+ "refsource": "CONFIRM",
+ "url": "http://svn.apache.org/viewvc?view=rev&revision=768417"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
+ },
+ {
+ "name": "GLSA-200907-03",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
+ },
+ {
+ "name": "[dev] 20090424 Re: Buffer overflow in apr_brigade_vprintf() ?",
+ "refsource": "MLIST",
+ "url": "http://www.mail-archive.com/dev@apr.apache.org/msg21592.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:11567",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11567"
+ },
+ {
+ "name": "FEDORA-2009-6261",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
+ },
+ {
+ "name": "[dev] 20090424 Buffer overflow in apr_brigade_vprintf() ?",
+ "refsource": "MLIST",
+ "url": "http://www.mail-archive.com/dev@apr.apache.org/msg21591.html"
+ },
+ {
+ "name": "USN-786-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-786-1"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=504390",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
+ },
+ {
+ "name": "34724",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34724"
+ },
+ {
+ "name": "37221",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/37221"
+ },
+ {
+ "name": "35565",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35565"
+ },
+ {
+ "name": "ADV-2009-3184",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2009/3184"
+ },
+ {
+ "name": "SSRT100345",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
+ },
+ {
+ "name": "APPLE-SA-2009-11-09-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
+ },
+ {
+ "name": "MDVSA-2013:150",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
+ },
+ {
+ "name": "35710",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35710"
+ },
+ {
+ "name": "RHSA-2009:1107",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT3937",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT3937"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:12237",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12237"
+ },
+ {
+ "name": "USN-787-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-787-1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1977.json b/2009/1xxx/CVE-2009-1977.json
index 0db724a6731..4b2add0a18e 100644
--- a/2009/1xxx/CVE-2009-1977.json
+++ b/2009/1xxx/CVE-2009-1977.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1977",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2009-1977",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-058/",
- "refsource" : "MISC",
- "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-058/"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
- },
- {
- "name" : "35672",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/35672"
- },
- {
- "name" : "55903",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/55903"
- },
- {
- "name" : "1022565",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1022565"
- },
- {
- "name" : "35776",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35776"
- },
- {
- "name" : "ADV-2009-1900",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2009/1900"
- },
- {
- "name" : "oracle-securebackup-sbc-unspecified(51761)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51761"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "35672",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/35672"
+ },
+ {
+ "name": "35776",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35776"
+ },
+ {
+ "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-058/",
+ "refsource": "MISC",
+ "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-058/"
+ },
+ {
+ "name": "ADV-2009-1900",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2009/1900"
+ },
+ {
+ "name": "55903",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/55903"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
+ },
+ {
+ "name": "1022565",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1022565"
+ },
+ {
+ "name": "oracle-securebackup-sbc-unspecified(51761)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51761"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0098.json b/2012/0xxx/CVE-2012-0098.json
index eb418b2c2a8..0be9370643e 100644
--- a/2012/0xxx/CVE-2012-0098.json
+++ b/2012/0xxx/CVE-2012-0098.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0098",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2012-0098",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
- },
- {
- "name" : "78427",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/78427"
- },
- {
- "name" : "48308",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48308"
- },
- {
- "name" : "sun-solarisunknown-dos(72510)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72510"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "sun-solarisunknown-dos(72510)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72510"
+ },
+ {
+ "name": "48308",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48308"
+ },
+ {
+ "name": "78427",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/78427"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0222.json b/2012/0xxx/CVE-2012-0222.json
index 3efa80ae3d2..0246a4ad515 100644
--- a/2012/0xxx/CVE-2012-0222.json
+++ b/2012/0xxx/CVE-2012-0222.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0222",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2012-0222",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937",
- "refsource" : "MISC",
- "url" : "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937"
- },
- {
- "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf",
- "refsource" : "MISC",
- "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937",
+ "refsource": "MISC",
+ "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937"
+ },
+ {
+ "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf",
+ "refsource": "MISC",
+ "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0230.json b/2012/0xxx/CVE-2012-0230.json
index a9be38fda70..2f07871e94d 100644
--- a/2012/0xxx/CVE-2012-0230.json
+++ b/2012/0xxx/CVE-2012-0230.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0230",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2012-0230",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766",
- "refsource" : "MISC",
- "url" : "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766"
- },
- {
- "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf",
- "refsource" : "MISC",
- "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf"
- },
- {
- "name" : "52434",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52434"
- },
- {
- "name" : "48415",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48415"
- },
- {
- "name" : "proficy-plant-prrds-code-exec(73956)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73956"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "52434",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52434"
+ },
+ {
+ "name": "proficy-plant-prrds-code-exec(73956)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73956"
+ },
+ {
+ "name": "48415",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48415"
+ },
+ {
+ "name": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766",
+ "refsource": "MISC",
+ "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766"
+ },
+ {
+ "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf",
+ "refsource": "MISC",
+ "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0538.json b/2012/0xxx/CVE-2012-0538.json
index e46576ef887..f93122012ea 100644
--- a/2012/0xxx/CVE-2012-0538.json
+++ b/2012/0xxx/CVE-2012-0538.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0538",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Search."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2012-0538",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
- },
- {
- "name" : "MDVSA-2013:150",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
- },
- {
- "name" : "53065",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/53065"
- },
- {
- "name" : "1026954",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026954"
- },
- {
- "name" : "48882",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48882"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Search."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "48882",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48882"
+ },
+ {
+ "name": "1026954",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026954"
+ },
+ {
+ "name": "53065",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/53065"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
+ },
+ {
+ "name": "MDVSA-2013:150",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0910.json b/2012/0xxx/CVE-2012-0910.json
index 32c459fc8e6..9ec77951332 100644
--- a/2012/0xxx/CVE-2012-0910.json
+++ b/2012/0xxx/CVE-2012-0910.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0910",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-0910",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0929.json b/2012/0xxx/CVE-2012-0929.json
index 3540388ded1..fc808d61816 100644
--- a/2012/0xxx/CVE-2012-0929.json
+++ b/2012/0xxx/CVE-2012-0929.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0929",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-0929",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf",
- "refsource" : "MISC",
- "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
- },
- {
- "name" : "51605",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/51605"
- },
- {
- "name" : "47723",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/47723"
- },
- {
- "name" : "schneider-modicon-ftp-dos(72589)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589"
- },
- {
- "name" : "schneider-modicon-http-dos(72588)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72588"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf",
+ "refsource": "MISC",
+ "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
+ },
+ {
+ "name": "51605",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/51605"
+ },
+ {
+ "name": "47723",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/47723"
+ },
+ {
+ "name": "schneider-modicon-http-dos(72588)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72588"
+ },
+ {
+ "name": "schneider-modicon-ftp-dos(72589)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0966.json b/2012/0xxx/CVE-2012-0966.json
index 770a66d3935..73266155be2 100644
--- a/2012/0xxx/CVE-2012-0966.json
+++ b/2012/0xxx/CVE-2012-0966.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0966",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-0966",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/3xxx/CVE-2012-3281.json b/2012/3xxx/CVE-2012-3281.json
index 1e4e044166f..708a8713ca8 100644
--- a/2012/3xxx/CVE-2012-3281.json
+++ b/2012/3xxx/CVE-2012-3281.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3281",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Device Manager in HP XP P9000 Command View Advanced Edition before 7.4.0-00 allows remote attackers to cause a denial of service via unknown vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "ID": "CVE-2012-3281",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "HPSBST02839",
- "refsource" : "HP",
- "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03650706"
- },
- {
- "name" : "SSRT101077",
- "refsource" : "HP",
- "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03650706"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Device Manager in HP XP P9000 Command View Advanced Edition before 7.4.0-00 allows remote attackers to cause a denial of service via unknown vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "HPSBST02839",
+ "refsource": "HP",
+ "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03650706"
+ },
+ {
+ "name": "SSRT101077",
+ "refsource": "HP",
+ "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03650706"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/3xxx/CVE-2012-3308.json b/2012/3xxx/CVE-2012-3308.json
index 31d0cd16778..53f1bb1e763 100644
--- a/2012/3xxx/CVE-2012-3308.json
+++ b/2012/3xxx/CVE-2012-3308.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3308",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2012-3308",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=swg21599114",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=swg21599114"
- },
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=swg21607903",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=swg21607903"
- },
- {
- "name" : "1027402",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1027402"
- },
- {
- "name" : "ibm-sametime-xss(77567)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77567"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1027402",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1027402"
+ },
+ {
+ "name": "ibm-sametime-xss(77567)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77567"
+ },
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=swg21607903",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=swg21607903"
+ },
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=swg21599114",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=swg21599114"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/3xxx/CVE-2012-3322.json b/2012/3xxx/CVE-2012-3322.json
index 6e34a65ca2d..f903249cd80 100644
--- a/2012/3xxx/CVE-2012-3322.json
+++ b/2012/3xxx/CVE-2012-3322.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3322",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2012-3322",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
- },
- {
- "name" : "IV23838",
- "refsource" : "AIXAPAR",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
- },
- {
- "name" : "mam-displayname-xss(77918)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "IV23838",
+ "refsource": "AIXAPAR",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
+ },
+ {
+ "name": "mam-displayname-xss(77918)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/3xxx/CVE-2012-3662.json b/2012/3xxx/CVE-2012-3662.json
index 9b16036b33f..8a8683fc5b1 100644
--- a/2012/3xxx/CVE-2012-3662.json
+++ b/2012/3xxx/CVE-2012-3662.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3662",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-3662",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/3xxx/CVE-2012-3915.json b/2012/3xxx/CVE-2012-3915.json
index 8a241c31a43..e739319e82b 100644
--- a/2012/3xxx/CVE-2012-3915.json
+++ b/2012/3xxx/CVE-2012-3915.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3915",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2012-3915",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html"
- },
- {
- "name" : "ciscoios-dmvpn-tunnel-dos(78809)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78809"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html"
+ },
+ {
+ "name": "ciscoios-dmvpn-tunnel-dos(78809)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78809"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4261.json b/2012/4xxx/CVE-2012-4261.json
index 7ed1e35caca..1619819e581 100644
--- a/2012/4xxx/CVE-2012-4261.json
+++ b/2012/4xxx/CVE-2012-4261.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4261",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4261",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "81684",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/81684"
- },
- {
- "name" : "49029",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/49029"
- },
- {
- "name" : "mycare2xcms-multiple-sql-injection-(75390)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75390"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "49029",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/49029"
+ },
+ {
+ "name": "mycare2xcms-multiple-sql-injection-(75390)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75390"
+ },
+ {
+ "name": "81684",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/81684"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4696.json b/2012/4xxx/CVE-2012-4696.json
index 6eeb749a47c..fad51cb22f7 100644
--- a/2012/4xxx/CVE-2012-4696.json
+++ b/2012/4xxx/CVE-2012-4696.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4696",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and H-Designer 6.5.0 B180_R1967, allows local users to gain privileges by inserting a long string into a DLL file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "ID": "CVE-2012-4696",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-024-01.pdf",
- "refsource" : "MISC",
- "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-024-01.pdf"
- },
- {
- "name" : "57546",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/57546"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and H-Designer 6.5.0 B180_R1967, allows local users to gain privileges by inserting a long string into a DLL file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "57546",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/57546"
+ },
+ {
+ "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-024-01.pdf",
+ "refsource": "MISC",
+ "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-024-01.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6384.json b/2012/6xxx/CVE-2012-6384.json
index cf746ff3145..9c70e92471c 100644
--- a/2012/6xxx/CVE-2012-6384.json
+++ b/2012/6xxx/CVE-2012-6384.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-6384",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-6384",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6603.json b/2012/6xxx/CVE-2012-6603.json
index 78ba13212c4..99561bd3730 100644
--- a/2012/6xxx/CVE-2012-6603.json
+++ b/2012/6xxx/CVE-2012-6603.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-6603",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-6603",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/14",
- "refsource" : "CONFIRM",
- "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/14"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/14",
+ "refsource": "CONFIRM",
+ "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/14"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6703.json b/2012/6xxx/CVE-2012-6703.json
index 1ad06dddf24..32baba23e35 100644
--- a/2012/6xxx/CVE-2012-6703.json
+++ b/2012/6xxx/CVE-2012-6703.json
@@ -1,92 +1,92 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-6703",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@suse.com",
+ "ID": "CVE-2012-6703",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20160628 Re: CVE Request: integer overflow in ALSA snd_compress_check_input",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2016/06/28/6"
- },
- {
- "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1351076",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1351076"
- },
- {
- "name" : "https://github.com/torvalds/linux/commit/b35cc8225845112a616e3a2266d2fde5ab13d3ab",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/torvalds/linux/commit/b35cc8225845112a616e3a2266d2fde5ab13d3ab"
- },
- {
- "name" : "https://www.kernel.org/pub/linux/kernel/next/patch-v3.6-rc6-next-20120917.xz",
- "refsource" : "CONFIRM",
- "url" : "https://www.kernel.org/pub/linux/kernel/next/patch-v3.6-rc6-next-20120917.xz"
- },
- {
- "name" : "91502",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/91502"
- },
- {
- "name" : "1036190",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1036190"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20160628 Re: CVE Request: integer overflow in ALSA snd_compress_check_input",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/06/28/6"
+ },
+ {
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab"
+ },
+ {
+ "name": "https://github.com/torvalds/linux/commit/b35cc8225845112a616e3a2266d2fde5ab13d3ab",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/torvalds/linux/commit/b35cc8225845112a616e3a2266d2fde5ab13d3ab"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1351076",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1351076"
+ },
+ {
+ "name": "https://www.kernel.org/pub/linux/kernel/next/patch-v3.6-rc6-next-20120917.xz",
+ "refsource": "CONFIRM",
+ "url": "https://www.kernel.org/pub/linux/kernel/next/patch-v3.6-rc6-next-20120917.xz"
+ },
+ {
+ "name": "91502",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/91502"
+ },
+ {
+ "name": "1036190",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1036190"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1002xxx/CVE-2017-1002002.json b/2017/1002xxx/CVE-2017-1002002.json
index c973034adf7..988be6596f9 100644
--- a/2017/1002xxx/CVE-2017-1002002.json
+++ b/2017/1002xxx/CVE-2017-1002002.json
@@ -1,81 +1,81 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
- "DATE_ASSIGNED" : "2017-03-01",
- "ID" : "CVE-2017-1002002",
- "REQUESTER" : "kurt@seifried.org",
- "STATE" : "PUBLIC",
- "UPDATED" : "2017-08-10T14:41Z"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "webapp-builder",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "2.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Invedion"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/"
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Unrestricted File Upload"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "larry0@me.com",
+ "DATE_ASSIGNED": "2017-03-01",
+ "ID": "CVE-2017-1002002",
+ "REQUESTER": "kurt@seifried.org",
+ "STATE": "PUBLIC",
+ "UPDATED": "2017-08-10T14:41Z"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "webapp-builder",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Invedion"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "41540",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/41540/"
- },
- {
- "name" : "http://www.vapidlabs.com/advisory.php?v=181",
- "refsource" : "MISC",
- "url" : "http://www.vapidlabs.com/advisory.php?v=181"
- },
- {
- "name" : "https://wordpress.org/plugins-wp/webapp-builder/",
- "refsource" : "MISC",
- "url" : "https://wordpress.org/plugins-wp/webapp-builder/"
- },
- {
- "name" : "96906",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96906"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unrestricted File Upload"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "96906",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96906"
+ },
+ {
+ "name": "https://wordpress.org/plugins-wp/webapp-builder/",
+ "refsource": "MISC",
+ "url": "https://wordpress.org/plugins-wp/webapp-builder/"
+ },
+ {
+ "name": "http://www.vapidlabs.com/advisory.php?v=181",
+ "refsource": "MISC",
+ "url": "http://www.vapidlabs.com/advisory.php?v=181"
+ },
+ {
+ "name": "41540",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/41540/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2130.json b/2017/2xxx/CVE-2017-2130.json
index ae28d17013f..f86d0c83821 100644
--- a/2017/2xxx/CVE-2017-2130.json
+++ b/2017/2xxx/CVE-2017-2130.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2017-2130",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "The installer of PhishWall Client Internet Explorer version",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Ver. 3.7.13 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "SecureBrain Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Untrusted search path vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2017-2130",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "The installer of PhishWall Client Internet Explorer version",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Ver. 3.7.13 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SecureBrain Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.securebrain.co.jp/about/news/2017/03/170316.html",
- "refsource" : "MISC",
- "url" : "http://www.securebrain.co.jp/about/news/2017/03/170316.html"
- },
- {
- "name" : "JVN#93699304",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN93699304/index.html"
- },
- {
- "name" : "97113",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97113"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Untrusted search path vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "97113",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97113"
+ },
+ {
+ "name": "http://www.securebrain.co.jp/about/news/2017/03/170316.html",
+ "refsource": "MISC",
+ "url": "http://www.securebrain.co.jp/about/news/2017/03/170316.html"
+ },
+ {
+ "name": "JVN#93699304",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN93699304/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2412.json b/2017/2xxx/CVE-2017-2412.json
index 1c1b4b33a71..8576cc60a30 100644
--- a/2017/2xxx/CVE-2017-2412.json
+++ b/2017/2xxx/CVE-2017-2412.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2017-2412",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"iTunes Store\" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2017-2412",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT207617",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207617"
- },
- {
- "name" : "97138",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97138"
- },
- {
- "name" : "1038139",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038139"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"iTunes Store\" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1038139",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038139"
+ },
+ {
+ "name": "97138",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97138"
+ },
+ {
+ "name": "https://support.apple.com/HT207617",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207617"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6001.json b/2017/6xxx/CVE-2017-6001.json
index 5639ae50968..b611f787d25 100644
--- a/2017/6xxx/CVE-2017-6001.json
+++ b/2017/6xxx/CVE-2017-6001.json
@@ -1,117 +1,117 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6001",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6001",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20170216 Linux: CVE-2017-6001: Incomplete fix for CVE-2016-6786: perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/02/16/1"
- },
- {
- "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290"
- },
- {
- "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7",
- "refsource" : "CONFIRM",
- "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1422825",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1422825"
- },
- {
- "name" : "https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290"
- },
- {
- "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01"
- },
- {
- "name" : "DSA-3791",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3791"
- },
- {
- "name" : "RHSA-2017:2669",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2669"
- },
- {
- "name" : "RHSA-2017:1842",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1842"
- },
- {
- "name" : "RHSA-2017:2077",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2077"
- },
- {
- "name" : "RHSA-2018:1854",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:1854"
- },
- {
- "name" : "96264",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96264"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "96264",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96264"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1422825",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422825"
+ },
+ {
+ "name": "https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290"
+ },
+ {
+ "name": "RHSA-2017:2669",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2669"
+ },
+ {
+ "name": "RHSA-2018:1854",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:1854"
+ },
+ {
+ "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7",
+ "refsource": "CONFIRM",
+ "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7"
+ },
+ {
+ "name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
+ },
+ {
+ "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290"
+ },
+ {
+ "name": "RHSA-2017:2077",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2077"
+ },
+ {
+ "name": "RHSA-2017:1842",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1842"
+ },
+ {
+ "name": "DSA-3791",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3791"
+ },
+ {
+ "name": "[oss-security] 20170216 Linux: CVE-2017-6001: Incomplete fix for CVE-2016-6786: perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/02/16/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6279.json b/2017/6xxx/CVE-2017-6279.json
index 493aab21577..faf8b3eee2c 100644
--- a/2017/6xxx/CVE-2017-6279.json
+++ b/2017/6xxx/CVE-2017-6279.json
@@ -1,63 +1,63 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@nvidia.com",
- "DATE_PUBLIC" : "2018-02-05T00:00:00",
- "ID" : "CVE-2017-6279",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "NA"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Nvidia Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Elevation of privilege"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@nvidia.com",
+ "DATE_PUBLIC": "2018-02-05T00:00:00",
+ "ID": "CVE-2017-6279",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "NA"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Nvidia Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/2018-02-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2018-02-01"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.android.com/security/bulletin/2018-02-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2018-02-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6718.json b/2017/6xxx/CVE-2017-6718.json
index b486623c355..6ba14b7f8ff 100644
--- a/2017/6xxx/CVE-2017-6718.json
+++ b/2017/6xxx/CVE-2017-6718.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-6718",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco IOS XR",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco IOS XR"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Privilege Escalation Vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-6718",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco IOS XR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco IOS XR"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios1",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios1"
- },
- {
- "name" : "99226",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99226"
- },
- {
- "name" : "1038741",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038741"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios1",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios1"
+ },
+ {
+ "name": "1038741",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038741"
+ },
+ {
+ "name": "99226",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99226"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6752.json b/2017/6xxx/CVE-2017-6752.json
index b2feba976af..1a576830034 100644
--- a/2017/6xxx/CVE-2017-6752.json
+++ b/2017/6xxx/CVE-2017-6752.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-6752",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco Adaptive Security Appliance",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco Adaptive Security Appliance"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between Lightweight Directory Access Protocol (LDAP) and SSL Connection Profile when they are configured together. An attacker could exploit the vulnerability by performing a username enumeration attack to the IP address of the device. An exploit could allow the attacker to determine valid usernames. Cisco Bug IDs: CSCvd47888."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-200"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-6752",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Adaptive Security Appliance",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco Adaptive Security Appliance"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd47888",
- "refsource" : "CONFIRM",
- "url" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd47888"
- },
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa2",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa2"
- },
- {
- "name" : "100113",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100113"
- },
- {
- "name" : "1039057",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039057"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between Lightweight Directory Access Protocol (LDAP) and SSL Connection Profile when they are configured together. An attacker could exploit the vulnerability by performing a username enumeration attack to the IP address of the device. An exploit could allow the attacker to determine valid usernames. Cisco Bug IDs: CSCvd47888."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd47888",
+ "refsource": "CONFIRM",
+ "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd47888"
+ },
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa2",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa2"
+ },
+ {
+ "name": "1039057",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039057"
+ },
+ {
+ "name": "100113",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100113"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6966.json b/2017/6xxx/CVE-2017-6966.json
index 609dc5020d0..c7b171a8941 100644
--- a/2017/6xxx/CVE-2017-6966.json
+++ b/2017/6xxx/CVE-2017-6966.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6966",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6966",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21139",
- "refsource" : "CONFIRM",
- "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21139"
- },
- {
- "name" : "GLSA-201709-02",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201709-02"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21139",
+ "refsource": "CONFIRM",
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21139"
+ },
+ {
+ "name": "GLSA-201709-02",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201709-02"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7296.json b/2017/7xxx/CVE-2017-7296.json
index cf34f34297f..18c84704121 100644
--- a/2017/7xxx/CVE-2017-7296.json
+++ b/2017/7xxx/CVE-2017-7296.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7296",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7296",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://gist.github.com/jackmcbride/c9328627f1ee104ce84f3fb7eff42f1e",
- "refsource" : "MISC",
- "url" : "https://gist.github.com/jackmcbride/c9328627f1ee104ce84f3fb7eff42f1e"
- },
- {
- "name" : "98790",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98790"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gist.github.com/jackmcbride/c9328627f1ee104ce84f3fb7eff42f1e",
+ "refsource": "MISC",
+ "url": "https://gist.github.com/jackmcbride/c9328627f1ee104ce84f3fb7eff42f1e"
+ },
+ {
+ "name": "98790",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98790"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7497.json b/2017/7xxx/CVE-2017-7497.json
index 4221188208e..dfb4a77edff 100644
--- a/2017/7xxx/CVE-2017-7497.json
+++ b/2017/7xxx/CVE-2017-7497.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "sfowler@redhat.com",
- "ID" : "CVE-2017-7497",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "CFME",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "[UNKNOWN]"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant."
- }
- ]
- },
- "impact" : {
- "cvss" : [
- [
- {
- "vectorString" : "4.1/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
- "version" : "3.0"
- }
- ]
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-284"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2017-7497",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CFME",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "[UNKNOWN]"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497"
- },
- {
- "name" : "RHSA-2017:1601",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1601"
- },
- {
- "name" : "RHSA-2017:1758",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1758"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "4.1/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497"
+ },
+ {
+ "name": "RHSA-2017:1601",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1601"
+ },
+ {
+ "name": "RHSA-2017:1758",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1758"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7555.json b/2017/7xxx/CVE-2017-7555.json
index 42f1aa2dce8..29d696efe12 100644
--- a/2017/7xxx/CVE-2017-7555.json
+++ b/2017/7xxx/CVE-2017-7555.json
@@ -1,83 +1,83 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert@redhat.com",
- "DATE_PUBLIC" : "2017-08-17T00:00:00",
- "ID" : "CVE-2017-7555",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "augeas",
- "version" : {
- "version_data" : [
- {
- "version_value" : "up to and including 1.8.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Red Hat, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-122"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "DATE_PUBLIC": "2017-08-17T00:00:00",
+ "ID": "CVE-2017-7555",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "augeas",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "up to and including 1.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Red Hat, Inc."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/hercules-team/augeas/pull/480",
- "refsource" : "MISC",
- "url" : "https://github.com/hercules-team/augeas/pull/480"
- },
- {
- "name" : "https://puppet.com/security/cve/cve-2017-7555",
- "refsource" : "CONFIRM",
- "url" : "https://puppet.com/security/cve/cve-2017-7555"
- },
- {
- "name" : "DSA-3949",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3949"
- },
- {
- "name" : "RHSA-2017:2788",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2788"
- },
- {
- "name" : "100378",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100378"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://puppet.com/security/cve/cve-2017-7555",
+ "refsource": "CONFIRM",
+ "url": "https://puppet.com/security/cve/cve-2017-7555"
+ },
+ {
+ "name": "100378",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100378"
+ },
+ {
+ "name": "RHSA-2017:2788",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2788"
+ },
+ {
+ "name": "https://github.com/hercules-team/augeas/pull/480",
+ "refsource": "MISC",
+ "url": "https://github.com/hercules-team/augeas/pull/480"
+ },
+ {
+ "name": "DSA-3949",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3949"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7872.json b/2017/7xxx/CVE-2017-7872.json
index 1545322d03a..0548462fcc4 100644
--- a/2017/7xxx/CVE-2017-7872.json
+++ b/2017/7xxx/CVE-2017-7872.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7872",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7872",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10888.json b/2018/10xxx/CVE-2018-10888.json
index d37f37309ac..dece3d438ed 100644
--- a/2018/10xxx/CVE-2018-10888.json
+++ b/2018/10xxx/CVE-2018-10888.json
@@ -1,78 +1,78 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert@redhat.com",
- "DATE_PUBLIC" : "2018-07-09T00:00:00",
- "ID" : "CVE-2018-10888",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "libgit2",
- "version" : {
- "version_data" : [
- {
- "version_value" : "before version 0.27.3"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "libgit2"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-20->CWE-125"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "DATE_PUBLIC": "2018-07-09T00:00:00",
+ "ID": "CVE-2018-10888",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libgit2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before version 0.27.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "libgit2"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1598024",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1598024"
- },
- {
- "name" : "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3"
- },
- {
- "name" : "https://github.com/libgit2/libgit2/releases/tag/v0.27.3",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/libgit2/libgit2/releases/tag/v0.27.3"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20->CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3"
+ },
+ {
+ "name": "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html"
+ },
+ {
+ "name": "https://github.com/libgit2/libgit2/releases/tag/v0.27.3",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.3"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1598024",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598024"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11783.json b/2018/11xxx/CVE-2018-11783.json
index 15d143b9961..982d53f5526 100644
--- a/2018/11xxx/CVE-2018-11783.json
+++ b/2018/11xxx/CVE-2018-11783.json
@@ -1,68 +1,68 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security@apache.org",
- "DATE_PUBLIC" : "2019-02-12T00:00:00",
- "ID" : "CVE-2018-11783",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Apache Traffic Server",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Apache Traffic Server 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, 8.0.0 to 8.0.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Apache Software Foundation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "DATE_PUBLIC": "2019-02-12T00:00:00",
+ "ID": "CVE-2018-11783",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Traffic Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache Traffic Server 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, 8.0.0 to 8.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[trafficserver-announce] 20190212 [ANNOUNCE] Apache Traffic Server vulnerability with sslheader plugin",
- "refsource" : "MLIST",
- "url" : "https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e@%3Cannounce.trafficserver.apache.org%3E"
- },
- {
- "name" : "107032",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/107032"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "107032",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/107032"
+ },
+ {
+ "name": "[trafficserver-announce] 20190212 [ANNOUNCE] Apache Traffic Server vulnerability with sslheader plugin",
+ "refsource": "MLIST",
+ "url": "https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e@%3Cannounce.trafficserver.apache.org%3E"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14045.json b/2018/14xxx/CVE-2018-14045.json
index bfaef140fec..f7174141767 100644
--- a/2018/14xxx/CVE-2018-14045.json
+++ b/2018/14xxx/CVE-2018-14045.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14045",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14045",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md",
- "refsource" : "MISC",
- "url" : "https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md",
+ "refsource": "MISC",
+ "url": "https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14821.json b/2018/14xxx/CVE-2018-14821.json
index 2bcaa0450ae..27d8b568d56 100644
--- a/2018/14xxx/CVE-2018-14821.json
+++ b/2018/14xxx/CVE-2018-14821.json
@@ -1,68 +1,68 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "DATE_PUBLIC" : "2018-09-20T00:00:00",
- "ID" : "CVE-2018-14821",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "RSLinx Classic",
- "version" : {
- "version_data" : [
- {
- "version_value" : "4.00.01 and prior"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Rockwell Automation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "HEAP-BASED BUFFER OVERFLOW CWE-122"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2018-09-20T00:00:00",
+ "ID": "CVE-2018-14821",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "RSLinx Classic",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.00.01 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Rockwell Automation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
- },
- {
- "name" : "https://www.tenable.com/security/research/tra-2018-26",
- "refsource" : "MISC",
- "url" : "https://www.tenable.com/security/research/tra-2018-26"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
+ },
+ {
+ "name": "https://www.tenable.com/security/research/tra-2018-26",
+ "refsource": "MISC",
+ "url": "https://www.tenable.com/security/research/tra-2018-26"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14873.json b/2018/14xxx/CVE-2018-14873.json
index 30db8f111f8..da4141baf44 100644
--- a/2018/14xxx/CVE-2018-14873.json
+++ b/2018/14xxx/CVE-2018-14873.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14873",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14873",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/havysec/Useful_Code/blob/master/mycve/006.md",
- "refsource" : "MISC",
- "url" : "https://github.com/havysec/Useful_Code/blob/master/mycve/006.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/havysec/Useful_Code/blob/master/mycve/006.md",
+ "refsource": "MISC",
+ "url": "https://github.com/havysec/Useful_Code/blob/master/mycve/006.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15178.json b/2018/15xxx/CVE-2018-15178.json
index df471b861ed..a57c17640dc 100644
--- a/2018/15xxx/CVE-2018-15178.json
+++ b/2018/15xxx/CVE-2018-15178.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15178",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15178",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/gogs/gogs/issues/5364",
- "refsource" : "MISC",
- "url" : "https://github.com/gogs/gogs/issues/5364"
- },
- {
- "name" : "https://github.com/gogs/gogs/pull/5365",
- "refsource" : "MISC",
- "url" : "https://github.com/gogs/gogs/pull/5365"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/gogs/gogs/issues/5364",
+ "refsource": "MISC",
+ "url": "https://github.com/gogs/gogs/issues/5364"
+ },
+ {
+ "name": "https://github.com/gogs/gogs/pull/5365",
+ "refsource": "MISC",
+ "url": "https://github.com/gogs/gogs/pull/5365"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15330.json b/2018/15xxx/CVE-2018-15330.json
index 51a02bf3adf..c561bf678bd 100644
--- a/2018/15xxx/CVE-2018-15330.json
+++ b/2018/15xxx/CVE-2018-15330.json
@@ -1,63 +1,63 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "f5sirt@f5.com",
- "DATE_PUBLIC" : "2018-12-20T00:00:00",
- "ID" : "CVE-2018-15330",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.7"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "F5 Networks, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "DoS"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "f5sirt@f5.com",
+ "DATE_PUBLIC": "2018-12-20T00:00:00",
+ "ID": "CVE-2018-15330",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "F5 Networks, Inc."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.f5.com/csp/article/K23328310",
- "refsource" : "CONFIRM",
- "url" : "https://support.f5.com/csp/article/K23328310"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.f5.com/csp/article/K23328310",
+ "refsource": "CONFIRM",
+ "url": "https://support.f5.com/csp/article/K23328310"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15580.json b/2018/15xxx/CVE-2018-15580.json
index 1377af5f2e8..d269b5428a5 100644
--- a/2018/15xxx/CVE-2018-15580.json
+++ b/2018/15xxx/CVE-2018-15580.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15580",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15580",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15619.json b/2018/15xxx/CVE-2018-15619.json
index c9db1dd2a14..170ced32853 100644
--- a/2018/15xxx/CVE-2018-15619.json
+++ b/2018/15xxx/CVE-2018-15619.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15619",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-15619",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15622.json b/2018/15xxx/CVE-2018-15622.json
index 6e68c98f695..69862498a70 100644
--- a/2018/15xxx/CVE-2018-15622.json
+++ b/2018/15xxx/CVE-2018-15622.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15622",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-15622",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20152.json b/2018/20xxx/CVE-2018-20152.json
index f4e381a7b28..7abaa1dc2b4 100644
--- a/2018/20xxx/CVE-2018-20152.json
+++ b/2018/20xxx/CVE-2018-20152.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20152",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20152",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"
- },
- {
- "name" : "https://codex.wordpress.org/Version_4.9.9",
- "refsource" : "MISC",
- "url" : "https://codex.wordpress.org/Version_4.9.9"
- },
- {
- "name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
- "refsource" : "MISC",
- "url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
- },
- {
- "name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
- "refsource" : "MISC",
- "url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
- },
- {
- "name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
- "refsource" : "MISC",
- "url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
- },
- {
- "name" : "https://wpvulndb.com/vulnerabilities/9170",
- "refsource" : "MISC",
- "url" : "https://wpvulndb.com/vulnerabilities/9170"
- },
- {
- "name" : "DSA-4401",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2019/dsa-4401"
- },
- {
- "name" : "106220",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106220"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106220",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106220"
+ },
+ {
+ "name": "https://wordpress.org/support/wordpress-version/version-5-0-1/",
+ "refsource": "MISC",
+ "url": "https://wordpress.org/support/wordpress-version/version-5-0-1/"
+ },
+ {
+ "name": "https://codex.wordpress.org/Version_4.9.9",
+ "refsource": "MISC",
+ "url": "https://codex.wordpress.org/Version_4.9.9"
+ },
+ {
+ "name": "https://wpvulndb.com/vulnerabilities/9170",
+ "refsource": "MISC",
+ "url": "https://wpvulndb.com/vulnerabilities/9170"
+ },
+ {
+ "name": "DSA-4401",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2019/dsa-4401"
+ },
+ {
+ "name": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
+ "refsource": "MISC",
+ "url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
+ },
+ {
+ "name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"
+ },
+ {
+ "name": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
+ "refsource": "MISC",
+ "url": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9047.json b/2018/9xxx/CVE-2018-9047.json
index 833a97c104b..c8500ae62a4 100644
--- a/2018/9xxx/CVE-2018-9047.json
+++ b/2018/9xxx/CVE-2018-9047.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9047",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002841."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9047",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002841",
- "refsource" : "MISC",
- "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002841"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002841."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002841",
+ "refsource": "MISC",
+ "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002841"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9405.json b/2018/9xxx/CVE-2018-9405.json
index f38529d5a9f..60b209ea494 100644
--- a/2018/9xxx/CVE-2018-9405.json
+++ b/2018/9xxx/CVE-2018-9405.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9405",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9405",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9553.json b/2018/9xxx/CVE-2018-9553.json
index 246033962f0..de0cdc91091 100644
--- a/2018/9xxx/CVE-2018-9553.json
+++ b/2018/9xxx/CVE-2018-9553.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security@google.com",
- "ID" : "CVE-2018-9553",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote code execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "ID": "CVE-2018-9553",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google Inc."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/2018-12-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2018-12-01"
- },
- {
- "name" : "106137",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106137"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106137",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106137"
+ },
+ {
+ "name": "https://source.android.com/security/bulletin/2018-12-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2018-12-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9799.json b/2018/9xxx/CVE-2018-9799.json
index 3f7dbedb482..50140045afa 100644
--- a/2018/9xxx/CVE-2018-9799.json
+++ b/2018/9xxx/CVE-2018-9799.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9799",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9799",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file