diff --git a/2002/0xxx/CVE-2002-0958.json b/2002/0xxx/CVE-2002-0958.json index 26e44572b12..41274d58556 100644 --- a/2002/0xxx/CVE-2002-0958.json +++ b/2002/0xxx/CVE-2002-0958.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=91877", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=91877" - }, - { - "name" : "phpreactor-browse-xss(9280)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9280.php" - }, - { - "name" : "4952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=91877", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=91877" + }, + { + "name": "phpreactor-browse-xss(9280)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9280.php" + }, + { + "name": "20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html" + }, + { + "name": "4952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4952" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0973.json b/2002/0xxx/CVE-2002-0973.json index 52eed3b3670..4faf78d31ae 100644 --- a/2002/0xxx/CVE-2002-0973.json +++ b/2002/0xxx/CVE-2002-0973.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-02:38", - "refsource" : "FREEBSD", - "url" : "http://marc.info/?l=bugtraq&m=102976839728706&w=2" - }, - { - "name" : "5493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5493" - }, - { - "name" : "freebsd-negative-system-call-bo(9903)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9903.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5493" + }, + { + "name": "FreeBSD-SA-02:38", + "refsource": "FREEBSD", + "url": "http://marc.info/?l=bugtraq&m=102976839728706&w=2" + }, + { + "name": "freebsd-negative-system-call-bo(9903)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9903.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1066.json b/2002/1xxx/CVE-2002-1066.json index 116e61a1dfa..081dfebad1d 100644 --- a/2002/1xxx/CVE-2002-1066.json +++ b/2002/1xxx/CVE-2002-1066.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html" - }, - { - "name" : "jana-pop3-index-bo(9689)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9689.php" - }, - { - "name" : "5327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html" + }, + { + "name": "jana-pop3-index-bo(9689)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9689.php" + }, + { + "name": "5327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5327" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2292.json b/2002/2xxx/CVE-2002-2292.json index 556b534e621..2c752bf5c26 100644 --- a/2002/2xxx/CVE-2002-2292.json +++ b/2002/2xxx/CVE-2002-2292.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021213 Advisory Title: iASP Remote Console Applet Allows Remote", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0126.html" - }, - { - "name" : "6394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6394" - }, - { - "name" : "iasp-dotdot-directory-traversal(10860)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iasp-dotdot-directory-traversal(10860)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10860" + }, + { + "name": "20021213 Advisory Title: iASP Remote Console Applet Allows Remote", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0126.html" + }, + { + "name": "6394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6394" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0045.json b/2005/0xxx/CVE-2005-0045.json index 5831a22d9c0..c9e68805b5e 100644 --- a/2005/0xxx/CVE-2005-0045.json +++ b/2005/0xxx/CVE-2005-0045.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the \"Server Message Block Vulnerability,\" and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110792638401852&w=2" - }, - { - "name" : "20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=110795643831169&w=2" - }, - { - "name" : "20050309 Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111040962600205&w=2" - }, - { - "name" : "MS05-011", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-011" - }, - { - "name" : "TA05-039A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" - }, - { - "name" : "VU#652537", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/652537" - }, - { - "name" : "12484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12484" - }, - { - "name" : "oval:org.mitre.oval:def:1606", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1606" - }, - { - "name" : "oval:org.mitre.oval:def:1847", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1847" - }, - { - "name" : "oval:org.mitre.oval:def:1889", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1889" - }, - { - "name" : "oval:org.mitre.oval:def:4043", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4043" - }, - { - "name" : "win-smb-code-execution(19089)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the \"Server Message Block Vulnerability,\" and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110792638401852&w=2" + }, + { + "name": "oval:org.mitre.oval:def:4043", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4043" + }, + { + "name": "win-smb-code-execution(19089)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19089" + }, + { + "name": "20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=110795643831169&w=2" + }, + { + "name": "oval:org.mitre.oval:def:1606", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1606" + }, + { + "name": "12484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12484" + }, + { + "name": "TA05-039A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" + }, + { + "name": "oval:org.mitre.oval:def:1889", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1889" + }, + { + "name": "VU#652537", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/652537" + }, + { + "name": "oval:org.mitre.oval:def:1847", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1847" + }, + { + "name": "20050309 Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111040962600205&w=2" + }, + { + "name": "MS05-011", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-011" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0448.json b/2005/0xxx/CVE-2005-0448.json index 2482c65e75e..c34b9442958 100644 --- a/2005/0xxx/CVE-2005-0448.json +++ b/2005/0xxx/CVE-2005-0448.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-0448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLSA-2006:1056", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056" - }, - { - "name" : "DSA-696", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-696" - }, - { - "name" : "FLSA-2006:152845", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA--.shtml" - }, - { - "name" : "GLSA-200501-38", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml" - }, - { - "name" : "HPSBUX01208", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/8704" - }, - { - "name" : "SSRT5938", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/8704" - }, - { - "name" : "MDKSA-2005:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:079" - }, - { - "name" : "RHSA-2005:881", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-881.html" - }, - { - "name" : "RHSA-2005:674", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-674.html" - }, - { - "name" : "20060101-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" - }, - { - "name" : "USN-94-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/94-1/" - }, - { - "name" : "oval:org.mitre.oval:def:728", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728" - }, - { - "name" : "oval:org.mitre.oval:def:10475", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475" - }, - { - "name" : "18075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18075" - }, - { - "name" : "12767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12767" - }, - { - "name" : "14531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14531" - }, - { - "name" : "18517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18517" - }, - { - "name" : "17079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17079" - }, - { - "name" : "55314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-696", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-696" + }, + { + "name": "HPSBUX01208", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/8704" + }, + { + "name": "RHSA-2005:881", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" + }, + { + "name": "MDKSA-2005:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:079" + }, + { + "name": "55314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55314" + }, + { + "name": "18075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18075" + }, + { + "name": "12767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12767" + }, + { + "name": "CLSA-2006:1056", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056" + }, + { + "name": "oval:org.mitre.oval:def:10475", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475" + }, + { + "name": "20060101-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" + }, + { + "name": "FLSA-2006:152845", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA--.shtml" + }, + { + "name": "oval:org.mitre.oval:def:728", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728" + }, + { + "name": "GLSA-200501-38", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml" + }, + { + "name": "18517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18517" + }, + { + "name": "RHSA-2005:674", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-674.html" + }, + { + "name": "17079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17079" + }, + { + "name": "14531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14531" + }, + { + "name": "USN-94-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/94-1/" + }, + { + "name": "SSRT5938", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/8704" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0644.json b/2005/0xxx/CVE-2005-0644.json index 9d7c1217650..31edf63bd8e 100644 --- a/2005/0xxx/CVE-2005-0644.json +++ b/2005/0xxx/CVE-2005-0644.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050317 McAfee AntiVirus Library Stack Overflow", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/190" - }, - { - "name" : "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf", - "refsource" : "CONFIRM", - "url" : "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf" - }, - { - "name" : "VU#361180", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/361180" - }, - { - "name" : "10243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10243" - }, - { - "name" : "12832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12832" - }, - { - "name" : "1013463", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013463" - }, - { - "name" : "14628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#361180", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/361180" + }, + { + "name": "10243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10243" + }, + { + "name": "12832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12832" + }, + { + "name": "20050317 McAfee AntiVirus Library Stack Overflow", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/190" + }, + { + "name": "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf", + "refsource": "CONFIRM", + "url": "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf" + }, + { + "name": "14628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14628" + }, + { + "name": "1013463", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013463" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0658.json b/2005/0xxx/CVE-2005-0658.json index f32c6ff6252..524d9a512ef 100644 --- a/2005/0xxx/CVE-2005-0658.json +++ b/2005/0xxx/CVE-2005-0658.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050303 TYPO3 SQL Injection vunerabilitie", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110987892618892&w=2" - }, - { - "name" : "20050304 RE: TYPO3 SQL Injection vunerabilitie", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110995289619649&w=2" - }, - { - "name" : "20050304 Re: TYPO3 SQL Injection vunerabilitie", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110996536620069&w=2" - }, - { - "name" : "14465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050304 RE: TYPO3 SQL Injection vunerabilitie", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110995289619649&w=2" + }, + { + "name": "20050303 TYPO3 SQL Injection vunerabilitie", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110987892618892&w=2" + }, + { + "name": "14465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14465" + }, + { + "name": "20050304 Re: TYPO3 SQL Injection vunerabilitie", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110996536620069&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0820.json b/2005/0xxx/CVE-2005-0820.json index d691445b8a9..053c07fcd89 100644 --- a/2005/0xxx/CVE-2005-0820.json +++ b/2005/0xxx/CVE-2005-0820.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "867443", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/867443" - }, - { - "name" : "12824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12824" - }, - { - "name" : "14882", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14882" - }, - { - "name" : "1013454", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013454", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013454" + }, + { + "name": "14882", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14882" + }, + { + "name": "12824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12824" + }, + { + "name": "867443", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/867443" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1401.json b/2005/1xxx/CVE-2005-1401.json index a16a88d6d2e..892aadab9f1 100644 --- a/2005/1xxx/CVE-2005-1401.json +++ b/2005/1xxx/CVE-2005-1401.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050501 Clients format string and server crash in Mtp-Target 1.2.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.security-focus.com/archive/1/397304" - }, - { - "name" : "http://aluigi.altervista.org/adv/mtpbugs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/mtpbugs-adv.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050501 Clients format string and server crash in Mtp-Target 1.2.2", + "refsource": "BUGTRAQ", + "url": "http://www.security-focus.com/archive/1/397304" + }, + { + "name": "http://aluigi.altervista.org/adv/mtpbugs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/mtpbugs-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1631.json b/2005/1xxx/CVE-2005-1631.json index 0ae8e184a59..5f998bee2f7 100644 --- a/2005/1xxx/CVE-2005-1631.json +++ b/2005/1xxx/CVE-2005-1631.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=326826", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=326826" - }, - { - "name" : "13623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13623" - }, - { - "name" : "15305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15305" - }, - { - "name" : "booby-bookmarks-information-disclosure(20605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15305" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=326826", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=326826" + }, + { + "name": "13623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13623" + }, + { + "name": "booby-bookmarks-information-disclosure(20605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20605" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0058.json b/2009/0xxx/CVE-2009-0058.json index ea12027565e..dd3dec00d9b 100644 --- a/2009/0xxx/CVE-2009-0058.json +++ b/2009/0xxx/CVE-2009-0058.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-0058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml" - }, - { - "name" : "33608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33608" - }, - { - "name" : "1021679", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021679" - }, - { - "name" : "33749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml" + }, + { + "name": "33608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33608" + }, + { + "name": "33749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33749" + }, + { + "name": "1021679", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021679" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0206.json b/2009/0xxx/CVE-2009-0206.json index 6fb155160fb..c46f72696c9 100644 --- a/2009/0xxx/CVE-2009-0206.json +++ b/2009/0xxx/CVE-2009-0206.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02408", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123394068325944&w=2" - }, - { - "name" : "SSRT080182", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123394068325944&w=2" - }, - { - "name" : "33653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33653" - }, - { - "name" : "ADV-2009-0350", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0350" - }, - { - "name" : "33860", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33860" - }, - { - "name" : "hpux-nfs-dos(48556)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX02408", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123394068325944&w=2" + }, + { + "name": "33653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33653" + }, + { + "name": "hpux-nfs-dos(48556)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48556" + }, + { + "name": "SSRT080182", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123394068325944&w=2" + }, + { + "name": "33860", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33860" + }, + { + "name": "ADV-2009-0350", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0350" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0612.json b/2009/0xxx/CVE-2009-0612.json index fb94ec1a526..b2a916c4e69 100644 --- a/2009/0xxx/CVE-2009-0612.json +++ b/2009/0xxx/CVE-2009-0612.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090209 Trend micro - IWSVA/IWSS - Authorization module password leak", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500760/100/0/threaded" - }, - { - "name" : "33687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33687" - }, - { - "name" : "1021716", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021716" - }, - { - "name" : "33891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33891" - }, - { - "name" : "interscan-proxyauthorization-info-disc(48681)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "interscan-proxyauthorization-info-disc(48681)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48681" + }, + { + "name": "33891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33891" + }, + { + "name": "33687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33687" + }, + { + "name": "1021716", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021716" + }, + { + "name": "20090209 Trend micro - IWSVA/IWSS - Authorization module password leak", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500760/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1375.json b/2009/1xxx/CVE-2009-1375.json index 6e0387eab6e..df5e3ec3c62 100644 --- a/2009/1xxx/CVE-2009-1375.json +++ b/2009/1xxx/CVE-2009-1375.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pidgin.im/news/security/?id=31", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=31" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500491", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500491" - }, - { - "name" : "DSA-1805", - "refsource" : "DEBIAN", - "url" : "http://debian.org/security/2009/dsa-1805" - }, - { - "name" : "FEDORA-2009-5552", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" - }, - { - "name" : "FEDORA-2009-5583", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" - }, - { - "name" : "FEDORA-2009-5597", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" - }, - { - "name" : "GLSA-200905-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" - }, - { - "name" : "MDVSA-2009:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" - }, - { - "name" : "RHSA-2009:1060", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1060.html" - }, - { - "name" : "USN-781-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-781-1" - }, - { - "name" : "35067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35067" - }, - { - "name" : "54649", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54649" - }, - { - "name" : "oval:org.mitre.oval:def:10829", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829" - }, - { - "name" : "35194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35194" - }, - { - "name" : "35202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35202" - }, - { - "name" : "35188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35188" - }, - { - "name" : "35215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35215" - }, - { - "name" : "35294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35294" - }, - { - "name" : "35329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35329" - }, - { - "name" : "ADV-2009-1396", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1396" - }, - { - "name" : "pidgin-purplecircbuffer-dos(50683)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-5597", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" + }, + { + "name": "RHSA-2009:1060", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500491", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500491" + }, + { + "name": "GLSA-200905-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" + }, + { + "name": "35067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35067" + }, + { + "name": "FEDORA-2009-5583", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" + }, + { + "name": "35329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35329" + }, + { + "name": "USN-781-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-781-1" + }, + { + "name": "54649", + "refsource": "OSVDB", + "url": "http://osvdb.org/54649" + }, + { + "name": "DSA-1805", + "refsource": "DEBIAN", + "url": "http://debian.org/security/2009/dsa-1805" + }, + { + "name": "35294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35294" + }, + { + "name": "35188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35188" + }, + { + "name": "oval:org.mitre.oval:def:10829", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829" + }, + { + "name": "35194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35194" + }, + { + "name": "FEDORA-2009-5552", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" + }, + { + "name": "35202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35202" + }, + { + "name": "35215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35215" + }, + { + "name": "ADV-2009-1396", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1396" + }, + { + "name": "http://www.pidgin.im/news/security/?id=31", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=31" + }, + { + "name": "pidgin-purplecircbuffer-dos(50683)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50683" + }, + { + "name": "MDVSA-2009:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1410.json b/2009/1xxx/CVE-2009-1410.json index b59e08609a5..ca8afb9c5be 100644 --- a/2009/1xxx/CVE-2009-1410.json +++ b/2009/1xxx/CVE-2009-1410.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8505", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8505" - }, - { - "name" : "34647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34647" - }, - { - "name" : "quickcmslite-index-sql-injection(49989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quickcmslite-index-sql-injection(49989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49989" + }, + { + "name": "34647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34647" + }, + { + "name": "8505", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8505" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1414.json b/2009/1xxx/CVE-2009-1414.json index ec60db7b359..83e4dc27366 100644 --- a/2009/1xxx/CVE-2009-1414.json +++ b/2009/1xxx/CVE-2009-1414.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=9860", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=9860" - }, - { - "name" : "googlechrome-globalobject-xss(50446)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "googlechrome-globalobject-xss(50446)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50446" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=9860", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=9860" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5136.json b/2009/5xxx/CVE-2009-5136.json index 183098c4e76..a801633c983 100644 --- a/2009/5xxx/CVE-2009-5136.json +++ b/2009/5xxx/CVE-2009-5136.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html", - "refsource" : "CONFIRM", - "url" : "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=540545", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=540545" - }, - { - "name" : "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001", - "refsource" : "CONFIRM", - "url" : "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001" - }, - { - "name" : "RHSA-2010:0773", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2010-0773.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001", + "refsource": "CONFIRM", + "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=540545", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545" + }, + { + "name": "RHSA-2010:0773", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html" + }, + { + "name": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html", + "refsource": "CONFIRM", + "url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2257.json b/2012/2xxx/CVE-2012-2257.json index 6d7f56171fb..3cc39d07b3e 100644 --- a/2012/2xxx/CVE-2012-2257.json +++ b/2012/2xxx/CVE-2012-2257.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2257", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2257", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2848.json b/2012/2xxx/CVE-2012-2848.json index ef8b8f71f10..fde394ad8f7 100644 --- a/2012/2xxx/CVE-2012-2848.json +++ b/2012/2xxx/CVE-2012-2848.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=127525", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=127525" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" - }, - { - "name" : "oval:org.mitre.oval:def:15658", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=127525", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=127525" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" + }, + { + "name": "oval:org.mitre.oval:def:15658", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15658" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3063.json b/2012/3xxx/CVE-2012-3063.json index 782bfe42e0c..908b61cd4d6 100644 --- a/2012/3xxx/CVE-2012-3063.json +++ b/2012/3xxx/CVE-2012-3063.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-3063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace" - }, - { - "name" : "1027188", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027188", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027188" + }, + { + "name": "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3494.json b/2012/3xxx/CVE-2012-3494.json index d93cd2439c7..f124884c62d 100644 --- a/2012/3xxx/CVE-2012-3494.json +++ b/2012/3xxx/CVE-2012-3494.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-announce] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html" - }, - { - "name" : "[oss-security] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/05/5" - }, - { - "name" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability", - "refsource" : "MISC", - "url" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=851139", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851139" - }, - { - "name" : "http://support.citrix.com/article/CTX134708", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX134708" - }, - { - "name" : "DSA-2544", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2544" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "GLSA-201604-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-03" - }, - { - "name" : "openSUSE-SU-2012:1172", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2012:1129", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html" - }, - { - "name" : "SUSE-SU-2012:1132", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html" - }, - { - "name" : "SUSE-SU-2012:1133", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html" - }, - { - "name" : "SUSE-SU-2012:1135", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html" - }, - { - "name" : "SUSE-SU-2012:1162", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html" - }, - { - "name" : "openSUSE-SU-2012:1572", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" - }, - { - "name" : "55400", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55400" - }, - { - "name" : "85197", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85197" - }, - { - "name" : "1027479", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027479" - }, - { - "name" : "50472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50472" - }, - { - "name" : "50530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50530" - }, - { - "name" : "51413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51413" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - }, - { - "name" : "xen-setdebugreg-dos(78265)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "50530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50530" + }, + { + "name": "51413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51413" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "SUSE-SU-2012:1135", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html" + }, + { + "name": "http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability", + "refsource": "MISC", + "url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=851139", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851139" + }, + { + "name": "openSUSE-SU-2012:1572", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" + }, + { + "name": "50472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50472" + }, + { + "name": "55400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55400" + }, + { + "name": "[oss-security] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/05/5" + }, + { + "name": "SUSE-SU-2012:1162", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html" + }, + { + "name": "openSUSE-SU-2012:1174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" + }, + { + "name": "GLSA-201604-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-03" + }, + { + "name": "xen-setdebugreg-dos(78265)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78265" + }, + { + "name": "SUSE-SU-2012:1132", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html" + }, + { + "name": "http://support.citrix.com/article/CTX134708", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX134708" + }, + { + "name": "[Xen-announce] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html" + }, + { + "name": "SUSE-SU-2012:1129", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html" + }, + { + "name": "SUSE-SU-2012:1133", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html" + }, + { + "name": "85197", + "refsource": "OSVDB", + "url": "http://osvdb.org/85197" + }, + { + "name": "1027479", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027479" + }, + { + "name": "openSUSE-SU-2012:1573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" + }, + { + "name": "openSUSE-SU-2012:1172", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" + }, + { + "name": "DSA-2544", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2544" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3581.json b/2012/3xxx/CVE-2012-3581.json index 3438aec6102..5d8029e6646 100644 --- a/2012/3xxx/CVE-2012-3581.json +++ b/2012/3xxx/CVE-2012-3581.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00" - }, - { - "name" : "55142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00" + }, + { + "name": "55142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55142" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4872.json b/2012/4xxx/CVE-2012-4872.json index 864616a5b5e..0fc7e8510de 100644 --- a/2012/4xxx/CVE-2012-4872.json +++ b/2012/4xxx/CVE-2012-4872.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html", - "refsource" : "MISC", - "url" : "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html" - }, - { - "name" : "http://wiki.kayako.com/display/DOCS/4.40.985", - "refsource" : "MISC", - "url" : "http://wiki.kayako.com/display/DOCS/4.40.985" - }, - { - "name" : "http://wiki.kayako.com/display/DOCS/4.40.986", - "refsource" : "MISC", - "url" : "http://wiki.kayako.com/display/DOCS/4.40.986" - }, - { - "name" : "52625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52625" - }, - { - "name" : "48462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48462" - }, - { - "name" : "kayakofusion-submitticket-xss(74143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52625" + }, + { + "name": "http://wiki.kayako.com/display/DOCS/4.40.985", + "refsource": "MISC", + "url": "http://wiki.kayako.com/display/DOCS/4.40.985" + }, + { + "name": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html", + "refsource": "MISC", + "url": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html" + }, + { + "name": "http://wiki.kayako.com/display/DOCS/4.40.986", + "refsource": "MISC", + "url": "http://wiki.kayako.com/display/DOCS/4.40.986" + }, + { + "name": "48462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48462" + }, + { + "name": "kayakofusion-submitticket-xss(74143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4933.json b/2012/4xxx/CVE-2012-4933.json index 2a087f8bf06..aa60d2d97ca 100644 --- a/2012/4xxx/CVE-2012-4933.json +++ b/2012/4xxx/CVE-2012-4933.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks" - }, - { - "name" : "VU#332412", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/332412" - }, - { - "name" : "1027682", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027682" - }, - { - "name" : "novell-zam-info-disclosure(79252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027682", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027682" + }, + { + "name": "https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks" + }, + { + "name": "novell-zam-info-disclosure(79252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79252" + }, + { + "name": "VU#332412", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/332412" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6222.json b/2012/6xxx/CVE-2012-6222.json index e1b92640834..83cdb9a540d 100644 --- a/2012/6xxx/CVE-2012-6222.json +++ b/2012/6xxx/CVE-2012-6222.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6222", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6222", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6624.json b/2012/6xxx/CVE-2012-6624.json index b562309219f..bcaa5babf41 100644 --- a/2012/6xxx/CVE-2012-6624.json +++ b/2012/6xxx/CVE-2012-6624.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112689/WordPress-Soundcloud-Is-Gold-2.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112689/WordPress-Soundcloud-Is-Gold-2.1-Cross-Site-Scripting.html" - }, - { - "name" : "53537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53537" - }, - { - "name" : "49188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/112689/WordPress-Soundcloud-Is-Gold-2.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112689/WordPress-Soundcloud-Is-Gold-2.1-Cross-Site-Scripting.html" + }, + { + "name": "53537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53537" + }, + { + "name": "49188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49188" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2213.json b/2017/2xxx/CVE-2017-2213.json index 9133ef23997..544cd851d4b 100644 --- a/2017/2xxx/CVE-2017-2213.json +++ b/2017/2xxx/CVE-2017-2213.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SemiDynaEXE (SemiDynaEXE2008.EXE)", - "version" : { - "version_data" : [ - { - "version_value" : "ver. 1.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Geospatial Information Authority of Japan (GSI)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SemiDynaEXE (SemiDynaEXE2008.EXE)", + "version": { + "version_data": [ + { + "version_value": "ver. 1.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Geospatial Information Authority of Japan (GSI)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html", - "refsource" : "CONFIRM", - "url" : "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html" - }, - { - "name" : "JVN#52691241", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN52691241/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#52691241", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN52691241/index.html" + }, + { + "name": "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html", + "refsource": "CONFIRM", + "url": "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2487.json b/2017/2xxx/CVE-2017-2487.json index 64acf250161..99310b815ff 100644 --- a/2017/2xxx/CVE-2017-2487.json +++ b/2017/2xxx/CVE-2017-2487.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2739.json b/2017/2xxx/CVE-2017-2739.json index eb54f3addc0..1a555f5f30e 100644 --- a/2017/2xxx/CVE-2017-2739.json +++ b/2017/2xxx/CVE-2017-2739.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Vmall", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than HwVmall 1.5.3.0 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "MITM" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Vmall", + "version": { + "version_data": [ + { + "version_value": "Earlier than HwVmall 1.5.3.0 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MITM" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6595.json b/2017/6xxx/CVE-2017-6595.json index 04efb8552e3..9d8fb8ac7f5 100644 --- a/2017/6xxx/CVE-2017-6595.json +++ b/2017/6xxx/CVE-2017-6595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6595", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6595", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6843.json b/2017/6xxx/CVE-2017-6843.json index 829a12541a2..08ee48e559e 100644 --- a/2017/6xxx/CVE-2017-6843.json +++ b/2017/6xxx/CVE-2017-6843.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11016.json b/2018/11xxx/CVE-2018-11016.json index 6c4ed6be5cb..e33cdf206b4 100644 --- a/2018/11xxx/CVE-2018-11016.json +++ b/2018/11xxx/CVE-2018-11016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11300.json b/2018/11xxx/CVE-2018-11300.json index d0801376eaa..f309879c613 100644 --- a/2018/11xxx/CVE-2018-11300.json +++ b/2018/11xxx/CVE-2018-11300.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a \"Use after free\" scenario." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1f111832dc93bc639538dc173397b30af329b130", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1f111832dc93bc639538dc173397b30af329b130" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a \"Use after free\" scenario." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1f111832dc93bc639538dc173397b30af329b130", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1f111832dc93bc639538dc173397b30af329b130" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11797.json b/2018/11xxx/CVE-2018-11797.json index d9efa43b9fc..11dd64b89d4 100644 --- a/2018/11xxx/CVE-2018-11797.json +++ b/2018/11xxx/CVE-2018-11797.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-10-05T00:00:00", - "ID" : "CVE-2018-11797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache PDFBox", - "version" : { - "version_data" : [ - { - "version_value" : "1.8.0 to 1.8.15" - }, - { - "version_value" : "2.0.0RC1 to 2.0.11" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-10-05T00:00:00", + "ID": "CVE-2018-11797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache PDFBox", + "version": { + "version_data": [ + { + "version_value": "1.8.0 to 1.8.15" + }, + { + "version_value": "2.0.0RC1 to 2.0.11" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20181005 [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a@%3Cannounce.apache.org%3E" - }, - { - "name" : "[announce] 20181006 [UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/645574bc50b886d39c20b4065d51ccb1cd5d3a6b4750a22edbb565eb@%3Cannounce.apache.org%3E" - }, - { - "name" : "[debian-lts-announce] 20181016 [SECURITY] [DLA 1547-1] libpdfbox-java security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00008.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[announce] 20181006 [UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/645574bc50b886d39c20b4065d51ccb1cd5d3a6b4750a22edbb565eb@%3Cannounce.apache.org%3E" + }, + { + "name": "[announce] 20181005 [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a@%3Cannounce.apache.org%3E" + }, + { + "name": "[debian-lts-announce] 20181016 [SECURITY] [DLA 1547-1] libpdfbox-java security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00008.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11924.json b/2018/11xxx/CVE-2018-11924.json index a729ec27f27..7c2cd67b8b8 100644 --- a/2018/11xxx/CVE-2018-11924.json +++ b/2018/11xxx/CVE-2018-11924.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11924", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11924", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14158.json b/2018/14xxx/CVE-2018-14158.json index e9a4abd9642..31b89a9321d 100644 --- a/2018/14xxx/CVE-2018-14158.json +++ b/2018/14xxx/CVE-2018-14158.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14158", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14158", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14275.json b/2018/14xxx/CVE-2018-14275.json index c23d91020cc..ac3dc414ca4 100644 --- a/2018/14xxx/CVE-2018-14275.json +++ b/2018/14xxx/CVE-2018-14275.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the spawnPageFromTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6038." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-735", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-735" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the spawnPageFromTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6038." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-735", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-735" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14374.json b/2018/14xxx/CVE-2018-14374.json index 2e7fa33afd4..37cd3927baa 100644 --- a/2018/14xxx/CVE-2018-14374.json +++ b/2018/14xxx/CVE-2018-14374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14374", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-14374", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15148.json b/2018/15xxx/CVE-2018-15148.json index 6b8048718b7..8403713fee2 100644 --- a/2018/15xxx/CVE-2018-15148.json +++ b/2018/15xxx/CVE-2018-15148.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://insecurity.sh/reports/openemr.pdf", - "refsource" : "MISC", - "url" : "https://insecurity.sh/reports/openemr.pdf" - }, - { - "name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", - "refsource" : "MISC", - "url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" - }, - { - "name" : "https://github.com/openemr/openemr/pull/1757/files", - "refsource" : "CONFIRM", - "url" : "https://github.com/openemr/openemr/pull/1757/files" - }, - { - "name" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", - "refsource" : "CONFIRM", - "url" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://insecurity.sh/reports/openemr.pdf", + "refsource": "MISC", + "url": "https://insecurity.sh/reports/openemr.pdf" + }, + { + "name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", + "refsource": "MISC", + "url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" + }, + { + "name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", + "refsource": "CONFIRM", + "url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" + }, + { + "name": "https://github.com/openemr/openemr/pull/1757/files", + "refsource": "CONFIRM", + "url": "https://github.com/openemr/openemr/pull/1757/files" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15642.json b/2018/15xxx/CVE-2018-15642.json index ab8b0caad19..ed862f53e04 100644 --- a/2018/15xxx/CVE-2018-15642.json +++ b/2018/15xxx/CVE-2018-15642.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15642", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15642", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20377.json b/2018/20xxx/CVE-2018-20377.json index a0264e45da1..5e6a34fe425 100644 --- a/2018/20xxx/CVE-2018-20377.json +++ b/2018/20xxx/CVE-2018-20377.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/", - "refsource" : "MISC", - "url" : "https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/" - }, - { - "name" : "https://github.com/zadewg/LIVEBOX-0DAY", - "refsource" : "MISC", - "url" : "https://github.com/zadewg/LIVEBOX-0DAY" - }, - { - "name" : "https://news.ycombinator.com/item?id=18745533", - "refsource" : "MISC", - "url" : "https://news.ycombinator.com/item?id=18745533" - }, - { - "name" : "https://web.archive.org/web/20181223120225/https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/", - "refsource" : "MISC", - "url" : "https://web.archive.org/web/20181223120225/https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://web.archive.org/web/20181223120225/https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/", + "refsource": "MISC", + "url": "https://web.archive.org/web/20181223120225/https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/" + }, + { + "name": "https://news.ycombinator.com/item?id=18745533", + "refsource": "MISC", + "url": "https://news.ycombinator.com/item?id=18745533" + }, + { + "name": "https://github.com/zadewg/LIVEBOX-0DAY", + "refsource": "MISC", + "url": "https://github.com/zadewg/LIVEBOX-0DAY" + }, + { + "name": "https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/", + "refsource": "MISC", + "url": "https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8723.json b/2018/8xxx/CVE-2018-8723.json index 752c80dead5..6c176542ee8 100644 --- a/2018/8xxx/CVE-2018-8723.json +++ b/2018/8xxx/CVE-2018-8723.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8723", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8723", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file