diff --git a/2002/0xxx/CVE-2002-0134.json b/2002/0xxx/CVE-2002-0134.json index d34a5ff65d7..320b22a65c0 100644 --- a/2002/0xxx/CVE-2002-0134.json +++ b/2002/0xxx/CVE-2002-0134.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a \"dos\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020117 Avirt Gateway Suite Remote SYSTEM Level Compromise", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101131669102843&w=2" - }, - { - "name" : "20020220 Avirt 4.2 question", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101424723728817&w=2" - }, - { - "name" : "3901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3901" - }, - { - "name" : "avirt-gateway-telnet-access(7915)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7915.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a \"dos\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3901" + }, + { + "name": "20020117 Avirt Gateway Suite Remote SYSTEM Level Compromise", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101131669102843&w=2" + }, + { + "name": "avirt-gateway-telnet-access(7915)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7915.php" + }, + { + "name": "20020220 Avirt 4.2 question", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101424723728817&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0277.json b/2002/0xxx/CVE-2002-0277.json index 9321a12321b..86434face20 100644 --- a/2002/0xxx/CVE-2002-0277.json +++ b/2002/0xxx/CVE-2002-0277.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020214 Add2it Mailman command execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101371994219708&w=2" - }, - { - "name" : "http://www.add2it.com/scripts/mailman-free-history.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.add2it.com/scripts/mailman-free-history.shtml" - }, - { - "name" : "4105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4105" - }, - { - "name" : "mailman-open-execute-commands(8202)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8202.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mailman-open-execute-commands(8202)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8202.php" + }, + { + "name": "4105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4105" + }, + { + "name": "20020214 Add2it Mailman command execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101371994219708&w=2" + }, + { + "name": "http://www.add2it.com/scripts/mailman-free-history.shtml", + "refsource": "CONFIRM", + "url": "http://www.add2it.com/scripts/mailman-free-history.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0520.json b/2002/0xxx/CVE-2002-0520.json index 984ccd59141..71688953099 100644 --- a/2002/0xxx/CVE-2002-0520.json +++ b/2002/0xxx/CVE-2002-0520.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020409 Security holes in ASP-Nuke", - "refsource" : "VULN-DEV", - "url" : "http://online.securityfocus.com/archive/82/266705" - }, - { - "name" : "http://www.asp-nuke.com/news.asp?date=20020412&cat=11", - "refsource" : "CONFIRM", - "url" : "http://www.asp-nuke.com/news.asp?date=20020412&cat=11" - }, - { - "name" : "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt", - "refsource" : "MISC", - "url" : "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt" - }, - { - "name" : "4475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4475" - }, - { - "name" : "aspnuke-image-css(8829)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8829.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspnuke-image-css(8829)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8829.php" + }, + { + "name": "20020409 Security holes in ASP-Nuke", + "refsource": "VULN-DEV", + "url": "http://online.securityfocus.com/archive/82/266705" + }, + { + "name": "http://www.asp-nuke.com/news.asp?date=20020412&cat=11", + "refsource": "CONFIRM", + "url": "http://www.asp-nuke.com/news.asp?date=20020412&cat=11" + }, + { + "name": "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt", + "refsource": "MISC", + "url": "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt" + }, + { + "name": "4475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4475" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0802.json b/2002/0xxx/CVE-2002-0802.json index f027a5a977b..09acafbf53c 100644 --- a/2002/0xxx/CVE-2002-0802.json +++ b/2002/0xxx/CVE-2002-0802.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://marc.info/?l=postgresql-general&m=102032794322362", - "refsource" : "MISC", - "url" : "http://marc.info/?l=postgresql-general&m=102032794322362" - }, - { - "name" : "RHSA-2002:149", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-149.html" - }, - { - "name" : "postgresql-sqlascii-sql-injection(10328)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10328.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://marc.info/?l=postgresql-general&m=102032794322362", + "refsource": "MISC", + "url": "http://marc.info/?l=postgresql-general&m=102032794322362" + }, + { + "name": "RHSA-2002:149", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-149.html" + }, + { + "name": "postgresql-sqlascii-sql-injection(10328)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10328.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1169.json b/2002/1xxx/CVE-2002-1169.json index 865cec1ae67..aee45ba6a83 100644 --- a/2002/1xxx/CVE-2002-1169.json +++ b/2002/1xxx/CVE-2002-1169.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rapid7.com/advisories/R7-0007.txt", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0007.txt" - }, - { - "name" : "IY35970", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY35970&apar=only" - }, - { - "name" : "6002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6002" - }, - { - "name" : "ibm-wte-helpout-dos(10452)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10452.php" - }, - { - "name" : "2090", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-wte-helpout-dos(10452)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10452.php" + }, + { + "name": "IY35970", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY35970&apar=only" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0007.txt", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0007.txt" + }, + { + "name": "6002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6002" + }, + { + "name": "2090", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2090" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1401.json b/2002/1xxx/CVE-2002-1401.json index 2cdf610e1bc..9f7e07d422f 100644 --- a/2002/1xxx/CVE-2002-1401.json +++ b/2002/1xxx/CVE-2002-1401.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php", - "refsource" : "MISC", - "url" : "http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php" - }, - { - "name" : "http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php", - "refsource" : "MISC", - "url" : "http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php" - }, - { - "name" : "DSA-165", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-165" - }, - { - "name" : "CLA-2002:524", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524" - }, - { - "name" : "RHSA-2003:001", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-001.html" - }, - { - "name" : "8034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2002:524", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524" + }, + { + "name": "http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php", + "refsource": "MISC", + "url": "http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php" + }, + { + "name": "8034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8034" + }, + { + "name": "http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php", + "refsource": "MISC", + "url": "http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php" + }, + { + "name": "RHSA-2003:001", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-001.html" + }, + { + "name": "DSA-165", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-165" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1414.json b/2002/1xxx/CVE-2002-1414.json index 291bcfab2b7..52804067d9d 100644 --- a/2002/1xxx/CVE-2002-1414.json +++ b/2002/1xxx/CVE-2002-1414.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020806 qmailadmin SUID buffer overflow", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=102859603029424&w=2" - }, - { - "name" : "20020724 Re: qmailadmin SUID buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0016.html" - }, - { - "name" : "http://www.inter7.com/qmailadmin/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.inter7.com/qmailadmin/ChangeLog" - }, - { - "name" : "5404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5404" - }, - { - "name" : "qmailadmin-templatedir-bo(9786)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9786.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "qmailadmin-templatedir-bo(9786)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9786.php" + }, + { + "name": "20020724 Re: qmailadmin SUID buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0016.html" + }, + { + "name": "20020806 qmailadmin SUID buffer overflow", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=102859603029424&w=2" + }, + { + "name": "5404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5404" + }, + { + "name": "http://www.inter7.com/qmailadmin/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.inter7.com/qmailadmin/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1435.json b/2002/1xxx/CVE-2002-1435.json index b5ff4421f30..68de8c233fd 100644 --- a/2002/1xxx/CVE-2002-1435.json +++ b/2002/1xxx/CVE-2002-1435.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020822 Arbitrary code execution problem in Achievo", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html" - }, - { - "name" : "http://www.achievo.org/lists/2002/Aug/msg00092.html", - "refsource" : "CONFIRM", - "url" : "http://www.achievo.org/lists/2002/Aug/msg00092.html" - }, - { - "name" : "achievo-php-execute-code(9947)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9947.php" - }, - { - "name" : "5552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020822 Arbitrary code execution problem in Achievo", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html" + }, + { + "name": "http://www.achievo.org/lists/2002/Aug/msg00092.html", + "refsource": "CONFIRM", + "url": "http://www.achievo.org/lists/2002/Aug/msg00092.html" + }, + { + "name": "achievo-php-execute-code(9947)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9947.php" + }, + { + "name": "5552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5552" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1904.json b/2002/1xxx/CVE-2002-1904.json index 183a7d4ed3e..8a188dc7164 100644 --- a/2002/1xxx/CVE-2002-1904.json +++ b/2002/1xxx/CVE-2002-1904.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021013 Pyramid Research Project - ghttpd security advisorie", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/295141" - }, - { - "name" : "http://lynorics.sundawn.net/prog/ghttpd.html#versionen", - "refsource" : "CONFIRM", - "url" : "http://lynorics.sundawn.net/prog/ghttpd.html#versionen" - }, - { - "name" : "5960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5960" - }, - { - "name" : "gaztek-httpd-log-bo(10361)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10361.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5960" + }, + { + "name": "gaztek-httpd-log-bo(10361)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10361.php" + }, + { + "name": "20021013 Pyramid Research Project - ghttpd security advisorie", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/295141" + }, + { + "name": "http://lynorics.sundawn.net/prog/ghttpd.html#versionen", + "refsource": "CONFIRM", + "url": "http://lynorics.sundawn.net/prog/ghttpd.html#versionen" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2206.json b/2002/2xxx/CVE-2002-2206.json index bd3f3716f8a..40f5d3673ac 100644 --- a/2002/2xxx/CVE-2002-2206.json +++ b/2002/2xxx/CVE-2002-2206.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020911 Norton AntiVirus 2001 POP3 Proxy local DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/291358" - }, - { - "name" : "20020919 http://online.securityfocus.com/archive/1/291358/2002-09-08/2002-09-14/0, Subj: Norton AintiVirus 2001 POPROXY DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0240.html" - }, - { - "name" : "5692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5692" - }, - { - "name" : "nav-poproxy-username-dos(10085)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10085.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020911 Norton AntiVirus 2001 POP3 Proxy local DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/291358" + }, + { + "name": "nav-poproxy-username-dos(10085)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10085.php" + }, + { + "name": "5692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5692" + }, + { + "name": "20020919 http://online.securityfocus.com/archive/1/291358/2002-09-08/2002-09-14/0, Subj: Norton AintiVirus 2001 POPROXY DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0240.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2398.json b/2002/2xxx/CVE-2002-2398.json index e77f75663e9..4a216be359f 100644 --- a/2002/2xxx/CVE-2002-2398.json +++ b/2002/2xxx/CVE-2002-2398.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021112 APBoard - post threads to protected forums and possibility to hijack forum-password", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/299536" - }, - { - "name" : "6167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6167" - }, - { - "name" : "3332", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3332" - }, - { - "name" : "apboard-protected-forum-bypass(10611)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10611.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021112 APBoard - post threads to protected forums and possibility to hijack forum-password", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/299536" + }, + { + "name": "6167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6167" + }, + { + "name": "apboard-protected-forum-bypass(10611)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10611.php" + }, + { + "name": "3332", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3332" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0257.json b/2003/0xxx/CVE-2003-0257.json index c2f115ffb32..a26a3752626 100644 --- a/2003/0xxx/CVE-2003-0257.json +++ b/2003/0xxx/CVE-2003-0257.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MSS-OAR-E01-2003:0660.1", - "refsource" : "IBM", - "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1" - }, - { - "name" : "aix-print-format-string(12000)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aix-print-format-string(12000)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12000" + }, + { + "name": "MSS-OAR-E01-2003:0660.1", + "refsource": "IBM", + "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0333.json b/2003/0xxx/CVE-2003-0333.json index 05a6c9d4012..3800e4010fe 100644 --- a/2003/0xxx/CVE-2003-0333.json +++ b/2003/0xxx/CVE-2003-0333.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function \"doask,\" a different vulnerability than CVE-2001-0085." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030502 HP-UX 11.0 /usr/bin/kermit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105189670912220&w=2" - }, - { - "name" : "20030502 Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105190667523456&w=2" - }, - { - "name" : "HPSBUX0305-259", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/current/0044.html" - }, - { - "name" : "VU#971364", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/971364" - }, - { - "name" : "7627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7627" - }, - { - "name" : "hp-ckermit-bo(11929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function \"doask,\" a different vulnerability than CVE-2001-0085." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7627" + }, + { + "name": "20030502 Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105190667523456&w=2" + }, + { + "name": "20030502 HP-UX 11.0 /usr/bin/kermit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105189670912220&w=2" + }, + { + "name": "HPSBUX0305-259", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/current/0044.html" + }, + { + "name": "VU#971364", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/971364" + }, + { + "name": "hp-ckermit-bo(11929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11929" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1060.json b/2009/1xxx/CVE-2009-1060.json index ac5df3d3a58..b13c5a9612d 100644 --- a/2009/1xxx/CVE-2009-1060.json +++ b/2009/1xxx/CVE-2009-1060.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cansecwest.com/index.html", - "refsource" : "MISC", - "url" : "http://cansecwest.com/index.html" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009" - }, - { - "name" : "http://news.cnet.com/8301-1009_3-10199652-83.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-1009_3-10199652-83.html" - }, - { - "name" : "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129978", - "refsource" : "MISC", - "url" : "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129978" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits" - }, - { - "name" : "34179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34179" - }, - { - "name" : "52888", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52888" - }, - { - "name" : "1021879", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021879" - }, - { - "name" : "apple-safari-unspecified-code-execution1(49463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits" + }, + { + "name": "http://cansecwest.com/index.html", + "refsource": "MISC", + "url": "http://cansecwest.com/index.html" + }, + { + "name": "34179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34179" + }, + { + "name": "52888", + "refsource": "OSVDB", + "url": "http://osvdb.org/52888" + }, + { + "name": "1021879", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021879" + }, + { + "name": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129978", + "refsource": "MISC", + "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129978" + }, + { + "name": "apple-safari-unspecified-code-execution1(49463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49463" + }, + { + "name": "http://news.cnet.com/8301-1009_3-10199652-83.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-1009_3-10199652-83.html" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0676.json b/2012/0xxx/CVE-2012-0676.json index 7a01fc0e322..7dc0c02f587 100644 --- a/2012/0xxx/CVE-2012-0676.json +++ b/2012/0xxx/CVE-2012-0676.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5282", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5282" - }, - { - "name" : "APPLE-SA-2012-05-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00002.html" - }, - { - "name" : "81787", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81787" - }, - { - "name" : "1027053", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027053" - }, - { - "name" : "47292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47292" - }, - { - "name" : "safari-webkit-tracking-sec-bypass(75474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81787", + "refsource": "OSVDB", + "url": "http://osvdb.org/81787" + }, + { + "name": "1027053", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027053" + }, + { + "name": "http://support.apple.com/kb/HT5282", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5282" + }, + { + "name": "APPLE-SA-2012-05-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00002.html" + }, + { + "name": "safari-webkit-tracking-sec-bypass(75474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75474" + }, + { + "name": "47292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47292" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3082.json b/2012/3xxx/CVE-2012-3082.json index a8b0fb7abd3..3e2964acb3e 100644 --- a/2012/3xxx/CVE-2012-3082.json +++ b/2012/3xxx/CVE-2012-3082.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3082", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3082", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3289.json b/2012/3xxx/CVE-2012-3289.json index bf85f974f96..1df914e9ac2 100644 --- a/2012/3xxx/CVE-2012-3289.json +++ b/2012/3xxx/CVE-2012-3289.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2012-0011.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2012-0011.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2012-0011.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2012-0011.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4277.json b/2012/4xxx/CVE-2012-4277.json index 2fcce284d50..e7839f9a0bd 100644 --- a/2012/4xxx/CVE-2012-4277.json +++ b/2012/4xxx/CVE-2012-4277.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/smarty-php/issues/detail?id=98&can=1", - "refsource" : "MISC", - "url" : "http://code.google.com/p/smarty-php/issues/detail?id=98&can=1" - }, - { - "name" : "http://code.google.com/p/smarty-php/source/detail?r=4612", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/smarty-php/source/detail?r=4612" - }, - { - "name" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", - "refsource" : "CONFIRM", - "url" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" - }, - { - "name" : "1027061", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027061" - }, - { - "name" : "49164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027061", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027061" + }, + { + "name": "http://code.google.com/p/smarty-php/issues/detail?id=98&can=1", + "refsource": "MISC", + "url": "http://code.google.com/p/smarty-php/issues/detail?id=98&can=1" + }, + { + "name": "49164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49164" + }, + { + "name": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", + "refsource": "CONFIRM", + "url": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" + }, + { + "name": "http://code.google.com/p/smarty-php/source/detail?r=4612", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/smarty-php/source/detail?r=4612" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4682.json b/2012/4xxx/CVE-2012-4682.json index b7ab205b3d5..2326ceafb8e 100644 --- a/2012/4xxx/CVE-2012-4682.json +++ b/2012/4xxx/CVE-2012-4682.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://en.bitcoin.it/wiki/CVEs", - "refsource" : "CONFIRM", - "url" : "https://en.bitcoin.it/wiki/CVEs" - }, - { - "name" : "85353", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/85353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://en.bitcoin.it/wiki/CVEs", + "refsource": "CONFIRM", + "url": "https://en.bitcoin.it/wiki/CVEs" + }, + { + "name": "85353", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/85353" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4776.json b/2012/4xxx/CVE-2012-4776.json index a290d4ecd2c..f32625de11a 100644 --- a/2012/4xxx/CVE-2012-4776.json +++ b/2012/4xxx/CVE-2012-4776.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka \"Web Proxy Auto-Discovery Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-4776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074" - }, - { - "name" : "TA12-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" - }, - { - "name" : "56463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56463" - }, - { - "name" : "87266", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87266" - }, - { - "name" : "oval:org.mitre.oval:def:15810", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15810" - }, - { - "name" : "1027753", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027753" - }, - { - "name" : "51236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka \"Web Proxy Auto-Discovery Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" + }, + { + "name": "MS12-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074" + }, + { + "name": "56463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56463" + }, + { + "name": "oval:org.mitre.oval:def:15810", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15810" + }, + { + "name": "87266", + "refsource": "OSVDB", + "url": "http://osvdb.org/87266" + }, + { + "name": "51236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51236" + }, + { + "name": "1027753", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027753" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4861.json b/2012/4xxx/CVE-2012-4861.json index 0abc2668ca5..a6e9add8908 100644 --- a/2012/4xxx/CVE-2012-4861.json +++ b/2012/4xxx/CVE-2012-4861.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21632383", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21632383" - }, - { - "name" : "infosphere-dir-info-disclosure(79844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21632383", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21632383" + }, + { + "name": "infosphere-dir-info-disclosure(79844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79844" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6183.json b/2012/6xxx/CVE-2012-6183.json index c1b90ebd9d2..0416f976b58 100644 --- a/2012/6xxx/CVE-2012-6183.json +++ b/2012/6xxx/CVE-2012-6183.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6183", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6183", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6241.json b/2012/6xxx/CVE-2012-6241.json index a176d1b2bcd..e6a3b6b3551 100644 --- a/2012/6xxx/CVE-2012-6241.json +++ b/2012/6xxx/CVE-2012-6241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6241", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6241", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6629.json b/2012/6xxx/CVE-2012-6629.json index c3688d03a29..e21e8d2e484 100644 --- a/2012/6xxx/CVE-2012-6629.json +++ b/2012/6xxx/CVE-2012-6629.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "49152", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49152", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49152" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2586.json b/2017/2xxx/CVE-2017-2586.json index 74804cbdb86..33527a4300d 100644 --- a/2017/2xxx/CVE-2017-2586.json +++ b/2017/2xxx/CVE-2017-2586.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "netpbm", - "version" : { - "version_data" : [ - { - "version_value" : "10.61" - } - ] - } - } - ] - }, - "vendor_name" : "Netpbm" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-476" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "netpbm", + "version": { + "version_data": [ + { + "version_value": "10.61" + } + ] + } + } + ] + }, + "vendor_name": "Netpbm" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586" - }, - { - "name" : "96708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96708" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2636.json b/2017/2xxx/CVE-2017-2636.json index f3e01bd4ad2..b124c43c609 100644 --- a/2017/2xxx/CVE-2017-2636.json +++ b/2017/2xxx/CVE-2017-2636.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-2636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170307 Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/07/6" - }, - { - "name" : "https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html", - "refsource" : "MISC", - "url" : "https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1428319", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1428319" - }, - { - "name" : "DSA-3804", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3804" - }, - { - "name" : "RHSA-2017:0892", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0892" - }, - { - "name" : "RHSA-2017:0931", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0931" - }, - { - "name" : "RHSA-2017:0932", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0932" - }, - { - "name" : "RHSA-2017:0933", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0933" - }, - { - "name" : "RHSA-2017:0986", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0986" - }, - { - "name" : "RHSA-2017:1125", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1125" - }, - { - "name" : "RHSA-2017:1126", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1126" - }, - { - "name" : "RHSA-2017:1232", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1232" - }, - { - "name" : "RHSA-2017:1233", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1233" - }, - { - "name" : "RHSA-2017:1488", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1488" - }, - { - "name" : "96732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96732" - }, - { - "name" : "1037963", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0892", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0892" + }, + { + "name": "96732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96732" + }, + { + "name": "1037963", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037963" + }, + { + "name": "RHSA-2017:0932", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0932" + }, + { + "name": "[oss-security] 20170307 Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/07/6" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428319", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428319" + }, + { + "name": "https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html", + "refsource": "MISC", + "url": "https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html" + }, + { + "name": "RHSA-2017:1125", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1125" + }, + { + "name": "RHSA-2017:0933", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0933" + }, + { + "name": "RHSA-2017:1232", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1232" + }, + { + "name": "RHSA-2017:0931", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0931" + }, + { + "name": "DSA-3804", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3804" + }, + { + "name": "RHSA-2017:1233", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1233" + }, + { + "name": "RHSA-2017:1488", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1488" + }, + { + "name": "RHSA-2017:0986", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0986" + }, + { + "name": "RHSA-2017:1126", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1126" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2692.json b/2017/2xxx/CVE-2017-2692.json index feb570d65c6..7894c704f7a 100644 --- a/2017/2xxx/CVE-2017-2692.json +++ b/2017/2xxx/CVE-2017-2692.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "P8 Lite,Mate 7,Mate S,P8,honor 6,honor 7,SHOTX,G8,", - "version" : { - "version_data" : [ - { - "version_value" : "ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions," - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilege elevation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P8 Lite,Mate 7,Mate S,P8,honor 6,honor 7,SHOTX,G8,", + "version": { + "version_data": [ + { + "version_value": "ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions," + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en" - }, - { - "name" : "95919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege elevation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95919" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6042.json b/2017/6xxx/CVE-2017-6042.json index 350f2170678..3fadb50e3ba 100644 --- a/2017/6xxx/CVE-2017-6042.json +++ b/2017/6xxx/CVE-2017-6042.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-6042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sierra Wireless AirLink Raven XE and XT", - "version" : { - "version_data" : [ - { - "version_value" : "Sierra Wireless AirLink Raven XE and XT" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-6042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sierra Wireless AirLink Raven XE and XT", + "version": { + "version_data": [ + { + "version_value": "Sierra Wireless AirLink Raven XE and XT" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02" - }, - { - "name" : "98036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02" + }, + { + "name": "98036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98036" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6204.json b/2017/6xxx/CVE-2017-6204.json index 13b5bdef40b..b9079ca65db 100644 --- a/2017/6xxx/CVE-2017-6204.json +++ b/2017/6xxx/CVE-2017-6204.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6204", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6204", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6209.json b/2017/6xxx/CVE-2017-6209.json index 88dbbe5b369..1f338563bb6 100644 --- a/2017/6xxx/CVE-2017-6209.json +++ b/2017/6xxx/CVE-2017-6209.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170224 CVE-2017-6209 Virglrenderer: stack buffer oveflow in parse_identifier", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/23/20" - }, - { - "name" : "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0", - "refsource" : "MLIST", - "url" : "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1426149", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1426149" - }, - { - "name" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27" - }, - { - "name" : "GLSA-201707-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-06" - }, - { - "name" : "96437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201707-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-06" + }, + { + "name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0", + "refsource": "MLIST", + "url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html" + }, + { + "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27" + }, + { + "name": "96437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96437" + }, + { + "name": "[oss-security] 20170224 CVE-2017-6209 Virglrenderer: stack buffer oveflow in parse_identifier", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/23/20" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1426149", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426149" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6669.json b/2017/6xxx/CVE-2017-6669.json index 94a1ce01c73..35c91c83759 100644 --- a/2017/6xxx/CVE-2017-6669.json +++ b/2017/6xxx/CVE-2017-6669.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx Network Recording Player", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx Network Recording Player" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The following client builds are affected by this vulnerability: Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130, Cisco WebEx Business Suite (WBS30) client builds prior to T30.17, Cisco WebEx Business Suite (WBS31) client builds prior to T31.10. Cisco Bug IDs: CSCvc47758 CSCvc51227 CSCvc51242." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx Network Recording Player", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx Network Recording Player" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp" - }, - { - "name" : "99196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99196" - }, - { - "name" : "1038737", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The following client builds are affected by this vulnerability: Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130, Cisco WebEx Business Suite (WBS30) client builds prior to T30.17, Cisco WebEx Business Suite (WBS31) client builds prior to T31.10. Cisco Bug IDs: CSCvc47758 CSCvc51227 CSCvc51242." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp" + }, + { + "name": "1038737", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038737" + }, + { + "name": "99196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99196" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7029.json b/2017/7xxx/CVE-2017-7029.json index b3616e34121..b9cb9643395 100644 --- a/2017/7xxx/CVE-2017-7029.json +++ b/2017/7xxx/CVE-2017-7029.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207922", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207922" - }, - { - "name" : "https://support.apple.com/HT207923", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207923" - }, - { - "name" : "https://support.apple.com/HT207924", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207924" - }, - { - "name" : "https://support.apple.com/HT207925", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207925" - }, - { - "name" : "99883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99883" - }, - { - "name" : "1038950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207924", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207924" + }, + { + "name": "https://support.apple.com/HT207925", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207925" + }, + { + "name": "https://support.apple.com/HT207923", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207923" + }, + { + "name": "99883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99883" + }, + { + "name": "1038950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038950" + }, + { + "name": "https://support.apple.com/HT207922", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207922" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7795.json b/2017/7xxx/CVE-2017-7795.json index 9c31f074e8e..d49189e5da4 100644 --- a/2017/7xxx/CVE-2017-7795.json +++ b/2017/7xxx/CVE-2017-7795.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7795", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7795", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11096.json b/2018/11xxx/CVE-2018-11096.json index d58c2a3edd5..3024cabd2fa 100644 --- a/2018/11xxx/CVE-2018-11096.json +++ b/2018/11xxx/CVE-2018-11096.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44628", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44628/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44628", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44628/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14053.json b/2018/14xxx/CVE-2018-14053.json index 03576cc34d2..1c39404c73e 100644 --- a/2018/14xxx/CVE-2018-14053.json +++ b/2018/14xxx/CVE-2018-14053.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14053", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14053", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14132.json b/2018/14xxx/CVE-2018-14132.json index 100e4e57813..74c429f2254 100644 --- a/2018/14xxx/CVE-2018-14132.json +++ b/2018/14xxx/CVE-2018-14132.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14132", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14132", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14175.json b/2018/14xxx/CVE-2018-14175.json index 681aa7a83c4..6977b3e53a7 100644 --- a/2018/14xxx/CVE-2018-14175.json +++ b/2018/14xxx/CVE-2018-14175.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14175", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14175", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14818.json b/2018/14xxx/CVE-2018-14818.json index b41bede0b79..df3537ecf51 100644 --- a/2018/14xxx/CVE-2018-14818.json +++ b/2018/14xxx/CVE-2018-14818.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-04T00:00:00", - "ID" : "CVE-2018-14818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PI Studio HMI", - "version" : { - "version_data" : [ - { - "version_value" : "4.1.9 and prior" - } - ] - } - }, - { - "product_name" : "PI Studio", - "version" : { - "version_data" : [ - { - "version_value" : "4.2.34 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "WECON" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-04T00:00:00", + "ID": "CVE-2018-14818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PI Studio HMI", + "version": { + "version_data": [ + { + "version_value": "4.1.9 and prior" + } + ] + } + }, + { + "product_name": "PI Studio", + "version": { + "version_data": [ + { + "version_value": "4.2.34 and prior" + } + ] + } + } + ] + }, + "vendor_name": "WECON" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14865.json b/2018/14xxx/CVE-2018-14865.json index 7ca678db1b7..0b49cccc0f6 100644 --- a/2018/14xxx/CVE-2018-14865.json +++ b/2018/14xxx/CVE-2018-14865.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14865", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14865", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15321.json b/2018/15xxx/CVE-2018-15321.json index b8b85340319..c7fedbf3454 100644 --- a/2018/15xxx/CVE-2018-15321.json +++ b/2018/15xxx/CVE-2018-15321.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2018-15321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2018-15321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K01067037", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K01067037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K01067037", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K01067037" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15353.json b/2018/15xxx/CVE-2018-15353.json index e4ffb93b79e..f0478c4afba 100644 --- a/2018/15xxx/CVE-2018-15353.json +++ b/2018/15xxx/CVE-2018-15353.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "ID" : "CVE-2018-15353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kraftway", - "version" : { - "version_data" : [ - { - "version_value" : "Kraftway 24F2XG Router firmware 3.5.30.1118" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "ID": "CVE-2018-15353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kraftway", + "version": { + "version_data": [ + { + "version_value": "Kraftway 24F2XG Router firmware 3.5.30.1118" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-009-kraftway-24f2xg-router-possible-remote-code-execution/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-009-kraftway-24f2xg-router-possible-remote-code-execution/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-009-kraftway-24f2xg-router-possible-remote-code-execution/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-009-kraftway-24f2xg-router-possible-remote-code-execution/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15389.json b/2018/15xxx/CVE-2018-15389.json index d64f694810b..f09f3bb0f86 100644 --- a/2018/15xxx/CVE-2018-15389.json +++ b/2018/15xxx/CVE-2018-15389.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15389", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges." - } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "8.1", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-255" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15389", + "STATE": "PUBLIC", + "TITLE": "Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-cpcp-password", - "defect" : [ - [ - "CSCvd86564" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-255" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181003 Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-cpcp-password", + "defect": [ + [ + "CSCvd86564" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15811.json b/2018/15xxx/CVE-2018-15811.json index d69061d6f6d..f52f2893539 100644 --- a/2018/15xxx/CVE-2018-15811.json +++ b/2018/15xxx/CVE-2018-15811.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15811", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15811", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20038.json b/2018/20xxx/CVE-2018-20038.json index fad710c0183..2e92c838dfb 100644 --- a/2018/20xxx/CVE-2018-20038.json +++ b/2018/20xxx/CVE-2018-20038.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20038", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20038", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20054.json b/2018/20xxx/CVE-2018-20054.json index d90cc8545b0..acde4a70ea4 100644 --- a/2018/20xxx/CVE-2018-20054.json +++ b/2018/20xxx/CVE-2018-20054.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20054", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20054", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20457.json b/2018/20xxx/CVE-2018-20457.json index 10d009efe87..471417d2765 100644 --- a/2018/20xxx/CVE-2018-20457.json +++ b/2018/20xxx/CVE-2018-20457.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/devnexen/radare2/commit/88a8adf080a9f8ed5a4250a2507752e133ba54dd", - "refsource" : "MISC", - "url" : "https://github.com/devnexen/radare2/commit/88a8adf080a9f8ed5a4250a2507752e133ba54dd" - }, - { - "name" : "https://github.com/radare/radare2/issues/12417", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/issues/12417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/devnexen/radare2/commit/88a8adf080a9f8ed5a4250a2507752e133ba54dd", + "refsource": "MISC", + "url": "https://github.com/devnexen/radare2/commit/88a8adf080a9f8ed5a4250a2507752e133ba54dd" + }, + { + "name": "https://github.com/radare/radare2/issues/12417", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/issues/12417" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9144.json b/2018/9xxx/CVE-2018-9144.json index 9319dfe3461..c169d2268be 100644 --- a/2018/9xxx/CVE-2018-9144.json +++ b/2018/9xxx/CVE-2018-9144.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Exiv2/exiv2/issues/254", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/issues/254" - }, - { - "name" : "https://github.com/xiaoqx/pocs/tree/master/exiv2", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/tree/master/exiv2" - }, - { - "name" : "GLSA-201811-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Exiv2/exiv2/issues/254", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/issues/254" + }, + { + "name": "https://github.com/xiaoqx/pocs/tree/master/exiv2", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/tree/master/exiv2" + }, + { + "name": "GLSA-201811-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-14" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9408.json b/2018/9xxx/CVE-2018-9408.json index c2c3e6086d7..2d19aac90ab 100644 --- a/2018/9xxx/CVE-2018-9408.json +++ b/2018/9xxx/CVE-2018-9408.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9408", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9408", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9913.json b/2018/9xxx/CVE-2018-9913.json index 59f3bd29401..4c22d2cfef9 100644 --- a/2018/9xxx/CVE-2018-9913.json +++ b/2018/9xxx/CVE-2018-9913.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9913", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9913", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file