diff --git a/2002/0xxx/CVE-2002-0026.json b/2002/0xxx/CVE-2002-0026.json index 884d266b890..f5c16a743ec 100644 --- a/2002/0xxx/CVE-2002-0026.json +++ b/2002/0xxx/CVE-2002-0026.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-005", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005" - }, - { - "name" : "4082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4082" - }, - { - "name" : "oval:org.mitre.oval:def:12", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12" - }, - { - "name" : "oval:org.mitre.oval:def:23", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A23" - }, - { - "name" : "oval:org.mitre.oval:def:32", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A32" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:32", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A32" + }, + { + "name": "oval:org.mitre.oval:def:12", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12" + }, + { + "name": "oval:org.mitre.oval:def:23", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A23" + }, + { + "name": "MS02-005", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005" + }, + { + "name": "4082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4082" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0424.json b/2002/0xxx/CVE-2002-0424.json index 44baa6c392f..f01c07ffcac 100644 --- a/2002/0xxx/CVE-2002-0424.json +++ b/2002/0xxx/CVE-2002-0424.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically \"nobody\"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020306 efingerd remote buffer overflow and a dangerous feature", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html" - }, - { - "name" : "http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz" - }, - { - "name" : "4240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4240" - }, - { - "name" : "efingerd-file-execution(8381)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8381.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically \"nobody\"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4240" + }, + { + "name": "http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz", + "refsource": "CONFIRM", + "url": "http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz" + }, + { + "name": "efingerd-file-execution(8381)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8381.php" + }, + { + "name": "20020306 efingerd remote buffer overflow and a dangerous feature", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0666.json b/2002/0xxx/CVE-2002-0666.json index c95fda25b2d..2fcb3f648a1 100644 --- a/2002/0xxx/CVE-2002-0666.json +++ b/2002/0xxx/CVE-2002-0666.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021018 Denial of Service in IPSEC implementations", - "refsource" : "BINDVIEW", - "url" : "http://razor.bindview.com/publish/advisories/adv_ipsec.html" - }, - { - "name" : "DSA-201", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-201" - }, - { - "name" : "NetBSD-SA2002-016", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc" - }, - { - "name" : "VU#459371", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/459371" - }, - { - "name" : "6011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6011" - }, - { - "name" : "ipsec-packet-integer-overflow(10411)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10411.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021018 Denial of Service in IPSEC implementations", + "refsource": "BINDVIEW", + "url": "http://razor.bindview.com/publish/advisories/adv_ipsec.html" + }, + { + "name": "ipsec-packet-integer-overflow(10411)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10411.php" + }, + { + "name": "6011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6011" + }, + { + "name": "DSA-201", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-201" + }, + { + "name": "VU#459371", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/459371" + }, + { + "name": "NetBSD-SA2002-016", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1156.json b/2002/1xxx/CVE-2002-1156.json index f53205ff883..67bd5a10573 100644 --- a/2002/1xxx/CVE-2002-1156.json +++ b/2002/1xxx/CVE-2002-1156.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.apacheweek.com/issues/02-10-04", - "refsource" : "CONFIRM", - "url" : "http://www.apacheweek.com/issues/02-10-04" - }, - { - "name" : "http://www.apache.org/dist/httpd/CHANGES_2.0", - "refsource" : "CONFIRM", - "url" : "http://www.apache.org/dist/httpd/CHANGES_2.0" - }, - { - "name" : "HPSBUX0210-224", - "refsource" : "HP", - "url" : "http://online.securityfocus.com/advisories/4617" - }, - { - "name" : "VU#910713", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/910713" - }, - { - "name" : "6065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6065" - }, - { - "name" : "apache-webdav-cgi-source(10499)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX0210-224", + "refsource": "HP", + "url": "http://online.securityfocus.com/advisories/4617" + }, + { + "name": "http://www.apacheweek.com/issues/02-10-04", + "refsource": "CONFIRM", + "url": "http://www.apacheweek.com/issues/02-10-04" + }, + { + "name": "http://www.apache.org/dist/httpd/CHANGES_2.0", + "refsource": "CONFIRM", + "url": "http://www.apache.org/dist/httpd/CHANGES_2.0" + }, + { + "name": "VU#910713", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/910713" + }, + { + "name": "apache-webdav-cgi-source(10499)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10499" + }, + { + "name": "6065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6065" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1339.json b/2002/1xxx/CVE-2002-1339.json index 2158ba85328..1bda76f30f4 100644 --- a/2002/1xxx/CVE-2002-1339.json +++ b/2002/1xxx/CVE-2002-1339.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"XMLURL\" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101830175621193&w=2" - }, - { - "name" : "http://security.greymagic.com/adv/gm008-ie/", - "refsource" : "MISC", - "url" : "http://security.greymagic.com/adv/gm008-ie/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"XMLURL\" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.greymagic.com/adv/gm008-ie/", + "refsource": "MISC", + "url": "http://security.greymagic.com/adv/gm008-ie/" + }, + { + "name": "20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101830175621193&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1360.json b/2002/1xxx/CVE-2002-1360.json index 79a59af02cc..9c36286dcd4 100644 --- a/2002/1xxx/CVE-2002-1360.json +++ b/2002/1xxx/CVE-2002-1360.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html" - }, - { - "name" : "CA-2002-36", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-36.html" - }, - { - "name" : "oval:org.mitre.oval:def:5797", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797" - }, - { - "name" : "1005812", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005812" - }, - { - "name" : "1005813", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1005812", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005812" + }, + { + "name": "oval:org.mitre.oval:def:5797", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797" + }, + { + "name": "CA-2002-36", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-36.html" + }, + { + "name": "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html" + }, + { + "name": "1005813", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005813" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1477.json b/2002/1xxx/CVE-2002-1477.json index aa78d64a254..f513fe6bc94 100644 --- a/2002/1xxx/CVE-2002-1477.json +++ b/2002/1xxx/CVE-2002-1477.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 Cacti security issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html" - }, - { - "name" : "DSA-164", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-164" - }, - { - "name" : "http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt", - "refsource" : "MISC", - "url" : "http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt" - }, - { - "name" : "cacti-graph-label-commands(10048)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10048.php" - }, - { - "name" : "5627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cacti-graph-label-commands(10048)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10048.php" + }, + { + "name": "DSA-164", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-164" + }, + { + "name": "20020903 Cacti security issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html" + }, + { + "name": "5627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5627" + }, + { + "name": "http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt", + "refsource": "MISC", + "url": "http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1519.json b/2002/1xxx/CVE-2002-1519.json index ea0e8412ebd..1bacbf7b818 100644 --- a/2002/1xxx/CVE-2002-1519.json +++ b/2002/1xxx/CVE-2002-1519.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020926 Watchguard firewall appliances security issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html" - }, - { - "name" : "20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html" - }, - { - "name" : "5814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5814" - }, - { - "name" : "firebox-vclass-cli-format-string(10217)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10217.php" - }, - { - "name" : "4924", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020926 Watchguard firewall appliances security issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html" + }, + { + "name": "20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html" + }, + { + "name": "firebox-vclass-cli-format-string(10217)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10217.php" + }, + { + "name": "5814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5814" + }, + { + "name": "4924", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4924" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1561.json b/2002/1xxx/CVE-2002-1561.json index e2c47d5addd..2c5764b8c84 100644 --- a/2002/1xxx/CVE-2002-1561.json +++ b/2002/1xxx/CVE-2002-1561.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021018 [Immunity, Inc.]Vulnerability: RPC Service DoS (port 135/tcp) onWindows 2000 SP3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/296114/2002-10-14/2002-10-20/0" - }, - { - "name" : "MS03-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-010" - }, - { - "name" : "VU#261537", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/261537" - }, - { - "name" : "6005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6005" - }, - { - "name" : "oval:org.mitre.oval:def:59", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A59" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6005" + }, + { + "name": "oval:org.mitre.oval:def:59", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A59" + }, + { + "name": "MS03-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-010" + }, + { + "name": "VU#261537", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/261537" + }, + { + "name": "20021018 [Immunity, Inc.]Vulnerability: RPC Service DoS (port 135/tcp) onWindows 2000 SP3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/296114/2002-10-14/2002-10-20/0" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2355.json b/2002/2xxx/CVE-2002-2355.json index 281114ab836..051ae4696f3 100644 --- a/2002/2xxx/CVE-2002-2355.json +++ b/2002/2xxx/CVE-2002-2355.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021010 Plain text DDNS password in NetGear FM114P backups", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/294740" - }, - { - "name" : "5943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5943" - }, - { - "name" : "netgear-fm114p-plaintext-ddns(10341)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10341.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5943" + }, + { + "name": "netgear-fm114p-plaintext-ddns(10341)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10341.php" + }, + { + "name": "20021010 Plain text DDNS password in NetGear FM114P backups", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/294740" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1399.json b/2009/1xxx/CVE-2009-1399.json index e93bc588046..b7e4927fce7 100644 --- a/2009/1xxx/CVE-2009-1399.json +++ b/2009/1xxx/CVE-2009-1399.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1488.json b/2009/1xxx/CVE-2009-1488.json index 54f3b402bd9..1ac990e0e4d 100644 --- a/2009/1xxx/CVE-2009-1488.json +++ b/2009/1xxx/CVE-2009-1488.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090420 Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=124025031126068&w=2" - }, - { - "name" : "8493", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8493" - }, - { - "name" : "34610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34610" - }, - { - "name" : "ADV-2009-1117", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1117" - }, - { - "name" : "fungamez-index-file-include(50091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34610" + }, + { + "name": "20090420 Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=124025031126068&w=2" + }, + { + "name": "ADV-2009-1117", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1117" + }, + { + "name": "fungamez-index-file-include(50091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50091" + }, + { + "name": "8493", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8493" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1554.json b/2009/1xxx/CVE-2009-1554.json index ecdec2ac357..1918855a7dd 100644 --- a/2009/1xxx/CVE-2009-1554.json +++ b/2009/1xxx/CVE-2009-1554.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503239/100/0/threaded" - }, - { - "name" : "[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java", - "refsource" : "MLIST", - "url" : "https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=4041" - }, - { - "name" : "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html" - }, - { - "name" : "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=138", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=138" - }, - { - "name" : "34829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34829" - }, - { - "name" : "54220", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54220" - }, - { - "name" : "35006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35006" - }, - { - "name" : "woodstock-404page-xss(50336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html" + }, + { + "name": "34829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34829" + }, + { + "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html" + }, + { + "name": "20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503239/100/0/threaded" + }, + { + "name": "35006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35006" + }, + { + "name": "54220", + "refsource": "OSVDB", + "url": "http://osvdb.org/54220" + }, + { + "name": "woodstock-404page-xss(50336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50336" + }, + { + "name": "[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java", + "refsource": "MLIST", + "url": "https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=4041" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=138", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=138" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0036.json b/2012/0xxx/CVE-2012-0036.json index 812232b72f9..1a521a51cd3 100644 --- a/2012/0xxx/CVE-2012-0036.json +++ b/2012/0xxx/CVE-2012-0036.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://curl.haxx.se/curl-url-sanitize.patch", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/curl-url-sanitize.patch" - }, - { - "name" : "http://curl.haxx.se/docs/adv_20120124.html", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/docs/adv_20120124.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=773457", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=773457" - }, - { - "name" : "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238", - "refsource" : "CONFIRM", - "url" : "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "DSA-2398", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2398" - }, - { - "name" : "GLSA-201203-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-02.xml" - }, - { - "name" : "HPSBMU02786", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "SSRT100877", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "MDVSA-2012:058", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058" - }, - { - "name" : "51665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51665" - }, - { - "name" : "1032924", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032924" - }, - { - "name" : "48256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "HPSBMU02786", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03760en_us" + }, + { + "name": "1032924", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032924" + }, + { + "name": "DSA-2398", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2398" + }, + { + "name": "GLSA-201203-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml" + }, + { + "name": "51665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51665" + }, + { + "name": "48256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48256" + }, + { + "name": "http://curl.haxx.se/docs/adv_20120124.html", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/docs/adv_20120124.html" + }, + { + "name": "http://curl.haxx.se/curl-url-sanitize.patch", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/curl-url-sanitize.patch" + }, + { + "name": "MDVSA-2012:058", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058" + }, + { + "name": "SSRT100877", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=773457", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773457" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238", + "refsource": "CONFIRM", + "url": "https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3362.json b/2012/3xxx/CVE-2012-3362.json index 2b89e9bc337..1b0e10425c5 100644 --- a/2012/3xxx/CVE-2012-3362.json +++ b/2012/3xxx/CVE-2012-3362.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120624 CVE request: CSRF in eXtplorer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/24/1" - }, - { - "name" : "[oss-security] 20120624 Re: CVE request: CSRF in eXtplorer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/25/1" - }, - { - "name" : "[oss-security] 20120626 Re: CVE request: CSRF in eXtplorer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/26/1" - }, - { - "name" : "[oss-security] 20120627 Re: CVE request: CSRF in eXtplorer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/27/1" - }, - { - "name" : "http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html", - "refsource" : "MISC", - "url" : "http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html" - }, - { - "name" : "DSA-2510", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html", + "refsource": "MISC", + "url": "http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html" + }, + { + "name": "DSA-2510", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2510" + }, + { + "name": "[oss-security] 20120624 Re: CVE request: CSRF in eXtplorer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/25/1" + }, + { + "name": "[oss-security] 20120624 CVE request: CSRF in eXtplorer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/24/1" + }, + { + "name": "[oss-security] 20120626 Re: CVE request: CSRF in eXtplorer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/26/1" + }, + { + "name": "[oss-security] 20120627 Re: CVE request: CSRF in eXtplorer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/27/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4057.json b/2012/4xxx/CVE-2012-4057.json index 49e48b966cb..d71b8941e18 100644 --- a/2012/4xxx/CVE-2012-4057.json +++ b/2012/4xxx/CVE-2012-4057.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18799", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18799" - }, - { - "name" : "53303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53303" - }, - { - "name" : "49008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49008" - }, - { - "name" : "remote-anything-dos(75237)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49008" + }, + { + "name": "53303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53303" + }, + { + "name": "18799", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18799" + }, + { + "name": "remote-anything-dos(75237)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75237" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4488.json b/2012/4xxx/CVE-2012-4488.json index c090166387a..cacf08965bb 100644 --- a/2012/4xxx/CVE-2012-4488.json +++ b/2012/4xxx/CVE-2012-4488.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6" - }, - { - "name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1" - }, - { - "name" : "http://drupal.org/node/1700588", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1700588" - }, - { - "name" : "http://drupal.org/node/1699962", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1699962" - }, - { - "name" : "http://drupal.org/node/1699984", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1699984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1700588", + "refsource": "MISC", + "url": "http://drupal.org/node/1700588" + }, + { + "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6" + }, + { + "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1" + }, + { + "name": "http://drupal.org/node/1699962", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1699962" + }, + { + "name": "http://drupal.org/node/1699984", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1699984" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4526.json b/2012/4xxx/CVE-2012-4526.json index ef169af710b..de15ecfc988 100644 --- a/2012/4xxx/CVE-2012-4526.json +++ b/2012/4xxx/CVE-2012-4526.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4526", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4526", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4655.json b/2012/4xxx/CVE-2012-4655.json index 3531b6a1165..5e0f8d28fff 100644 --- a/2012/4xxx/CVE-2012-4655.json +++ b/2012/4xxx/CVE-2012-4655.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" - }, - { - "name" : "55606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55606" - }, - { - "name" : "50669", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50669" - }, - { - "name" : "securedesktop-weblaunch-code-execution(78677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" + }, + { + "name": "50669", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50669" + }, + { + "name": "securedesktop-weblaunch-code-execution(78677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677" + }, + { + "name": "55606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55606" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4798.json b/2012/4xxx/CVE-2012-4798.json index bb9b23da56d..fe30d4fffee 100644 --- a/2012/4xxx/CVE-2012-4798.json +++ b/2012/4xxx/CVE-2012-4798.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4798", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4798", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4953.json b/2012/4xxx/CVE-2012-4953.json index 7325acaec5f..8232d026eae 100644 --- a/2012/4xxx/CVE-2012-4953.json +++ b/2012/4xxx/CVE-2012-4953.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00" - }, - { - "name" : "VU#985625", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/985625" - }, - { - "name" : "56399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56399" - }, - { - "name" : "1027726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00" + }, + { + "name": "VU#985625", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/985625" + }, + { + "name": "1027726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027726" + }, + { + "name": "56399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56399" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6005.json b/2012/6xxx/CVE-2012-6005.json index 70de13bf4e3..0ce86b470db 100644 --- a/2012/6xxx/CVE-2012-6005.json +++ b/2012/6xxx/CVE-2012-6005.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6005", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6005", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6170.json b/2012/6xxx/CVE-2012-6170.json index f053765fd3f..98637669a9a 100644 --- a/2012/6xxx/CVE-2012-6170.json +++ b/2012/6xxx/CVE-2012-6170.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6170", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6170", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2153.json b/2017/2xxx/CVE-2017-2153.json index 60656ec695c..03421490b2f 100644 --- a/2017/2xxx/CVE-2017-2153.json +++ b/2017/2xxx/CVE-2017-2153.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SEIL/x86 Fuji", - "version" : { - "version_data" : [ - { - "version_value" : "1.70 to 5.62" - } - ] - } - }, - { - "product_name" : "SEIL/BPV4", - "version" : { - "version_data" : [ - { - "version_value" : "5.00 to 5.62" - } - ] - } - }, - { - "product_name" : "SEIL/X1", - "version" : { - "version_data" : [ - { - "version_value" : "1.30 to 5.62" - } - ] - } - }, - { - "product_name" : "SEIL/X2", - "version" : { - "version_data" : [ - { - "version_value" : "1.30 to 5.62" - } - ] - } - }, - { - "product_name" : "SEIL/B1", - "version" : { - "version_data" : [ - { - "version_value" : "1.00 to 5.62" - } - ] - } - } - ] - }, - "vendor_name" : "Internet Initiative Japan Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial-of-service (DoS)" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SEIL/x86 Fuji", + "version": { + "version_data": [ + { + "version_value": "1.70 to 5.62" + } + ] + } + }, + { + "product_name": "SEIL/BPV4", + "version": { + "version_data": [ + { + "version_value": "5.00 to 5.62" + } + ] + } + }, + { + "product_name": "SEIL/X1", + "version": { + "version_data": [ + { + "version_value": "1.30 to 5.62" + } + ] + } + }, + { + "product_name": "SEIL/X2", + "version": { + "version_data": [ + { + "version_value": "1.30 to 5.62" + } + ] + } + }, + { + "product_name": "SEIL/B1", + "version": { + "version_data": [ + { + "version_value": "1.00 to 5.62" + } + ] + } + } + ] + }, + "vendor_name": "Internet Initiative Japan Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.seil.jp/support/security/a01783.html", - "refsource" : "MISC", - "url" : "http://www.seil.jp/support/security/a01783.html" - }, - { - "name" : "JVN#86171513", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN86171513/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.seil.jp/support/security/a01783.html", + "refsource": "MISC", + "url": "http://www.seil.jp/support/security/a01783.html" + }, + { + "name": "JVN#86171513", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN86171513/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2453.json b/2017/2xxx/CVE-2017-2453.json index fe6dbb43646..95a2c37c039 100644 --- a/2017/2xxx/CVE-2017-2453.json +++ b/2017/2xxx/CVE-2017-2453.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97129" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97129" + }, + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6040.json b/2017/6xxx/CVE-2017-6040.json index cc37b4f5dc7..4f694f57e68 100644 --- a/2017/6xxx/CVE-2017-6040.json +++ b/2017/6xxx/CVE-2017-6040.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-6040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Belden Hirschmann GECKO", - "version" : { - "version_data" : [ - { - "version_value" : "Belden Hirschmann GECKO" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-6040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Belden Hirschmann GECKO", + "version": { + "version_data": [ + { + "version_value": "Belden Hirschmann GECKO" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6668.json b/2017/6xxx/CVE-2017-6668.json index c48248b346a..0af7a1542da 100644 --- a/2017/6xxx/CVE-2017-6668.json +++ b/2017/6xxx/CVE-2017-6668.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Domain Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Domain Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection Vulnerabilities" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Domain Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Domain Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm2", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm2" - }, - { - "name" : "98947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98947" - }, - { - "name" : "1038632", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection Vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98947" + }, + { + "name": "1038632", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038632" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm2", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm2" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6940.json b/2017/6xxx/CVE-2017-6940.json index db50604afc4..c5c0370a2a3 100644 --- a/2017/6xxx/CVE-2017-6940.json +++ b/2017/6xxx/CVE-2017-6940.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6940", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6940", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11185.json b/2018/11xxx/CVE-2018-11185.json index 43627a1aea3..847f422402f 100644 --- a/2018/11xxx/CVE-2018-11185.json +++ b/2018/11xxx/CVE-2018-11185.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11741.json b/2018/11xxx/CVE-2018-11741.json index fff297b5bb3..a2560e25b46 100644 --- a/2018/11xxx/CVE-2018-11741.json +++ b/2018/11xxx/CVE-2018-11741.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45942", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45942/" - }, - { - "name" : "20181204 CVE-2018-11741 / CVE-2018-11742 / NEC Univerge Sv9100 WebPro - 6.00 / Predictable Session ID / Clear Text Password Storage", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/1" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html" + }, + { + "name": "45942", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45942/" + }, + { + "name": "20181204 CVE-2018-11741 / CVE-2018-11742 / NEC Univerge Sv9100 WebPro - 6.00 / Predictable Session ID / Clear Text Password Storage", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/1" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14197.json b/2018/14xxx/CVE-2018-14197.json index 000d0e19e2e..bbe993c0340 100644 --- a/2018/14xxx/CVE-2018-14197.json +++ b/2018/14xxx/CVE-2018-14197.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14197", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14197", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15361.json b/2018/15xxx/CVE-2018-15361.json index bf929a0726e..c9b7f3729f7 100644 --- a/2018/15xxx/CVE-2018-15361.json +++ b/2018/15xxx/CVE-2018-15361.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2019-03-01T00:00:00", - "ID" : "CVE-2018-15361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UltraVNC", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "UltraVNC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-124: Buffer Underwrite" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2019-03-01T00:00:00", + "ID": "CVE-2018-15361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UltraVNC", + "version": { + "version_data": [ + { + "version_value": "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name": "UltraVNC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-124: Buffer Underwrite" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15531.json b/2018/15xxx/CVE-2018-15531.json index f21596b507d..8c55ece92e9 100644 --- a/2018/15xxx/CVE-2018-15531.json +++ b/2018/15xxx/CVE-2018-15531.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180925 Multiple vulnerabilities in Jenkins plugins", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/09/25/3" - }, - { - "name" : "https://github.com/javamelody/javamelody/commit/ef111822562d0b9365bd3e671a75b65bd0613353", - "refsource" : "CONFIRM", - "url" : "https://github.com/javamelody/javamelody/commit/ef111822562d0b9365bd3e671a75b65bd0613353" - }, - { - "name" : "https://github.com/javamelody/javamelody/wiki/ReleaseNotes", - "refsource" : "CONFIRM", - "url" : "https://github.com/javamelody/javamelody/wiki/ReleaseNotes" - }, - { - "name" : "https://jenkins.io/security/advisory/2018-09-25/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-09-25/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20180925 Multiple vulnerabilities in Jenkins plugins", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/09/25/3" + }, + { + "name": "https://github.com/javamelody/javamelody/commit/ef111822562d0b9365bd3e671a75b65bd0613353", + "refsource": "CONFIRM", + "url": "https://github.com/javamelody/javamelody/commit/ef111822562d0b9365bd3e671a75b65bd0613353" + }, + { + "name": "https://github.com/javamelody/javamelody/wiki/ReleaseNotes", + "refsource": "CONFIRM", + "url": "https://github.com/javamelody/javamelody/wiki/ReleaseNotes" + }, + { + "name": "https://jenkins.io/security/advisory/2018-09-25/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-09-25/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15607.json b/2018/15xxx/CVE-2018-15607.json index 8f98c65cb3e..74c2e952cac 100644 --- a/2018/15xxx/CVE-2018-15607.json +++ b/2018/15xxx/CVE-2018-15607.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1255", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1255" - }, - { - "name" : "105137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1255", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1255" + }, + { + "name": "105137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105137" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15777.json b/2018/15xxx/CVE-2018-15777.json index c2ec290c82e..ad08d723da8 100644 --- a/2018/15xxx/CVE-2018-15777.json +++ b/2018/15xxx/CVE-2018-15777.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15777", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15777", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15903.json b/2018/15xxx/CVE-2018-15903.json index 6803e114687..54f15b56494 100644 --- a/2018/15xxx/CVE-2018-15903.json +++ b/2018/15xxx/CVE-2018-15903.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 CVE-2018-15903 - Stored XSS on Claromentis", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Oct/12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181003 CVE-2018-15903 - Stored XSS on Claromentis", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Oct/12" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20278.json b/2018/20xxx/CVE-2018-20278.json index fa0af433817..7aacaffc80b 100644 --- a/2018/20xxx/CVE-2018-20278.json +++ b/2018/20xxx/CVE-2018-20278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20278", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20278", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20308.json b/2018/20xxx/CVE-2018-20308.json index fce578472dd..fe9353095e6 100644 --- a/2018/20xxx/CVE-2018-20308.json +++ b/2018/20xxx/CVE-2018-20308.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20308", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20308", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20378.json b/2018/20xxx/CVE-2018-20378.json index d8628a90bfa..b71de656546 100644 --- a/2018/20xxx/CVE-2018-20378.json +++ b/2018/20xxx/CVE-2018-20378.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20378", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20378", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20792.json b/2018/20xxx/CVE-2018-20792.json index 88b9e805e79..ac9e6437828 100644 --- a/2018/20xxx/CVE-2018-20792.json +++ b/2018/20xxx/CVE-2018-20792.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45987", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45987", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45987" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9210.json b/2018/9xxx/CVE-2018-9210.json index 56383e8c046..c09bbf4bce9 100644 --- a/2018/9xxx/CVE-2018-9210.json +++ b/2018/9xxx/CVE-2018-9210.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9210", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9210", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9386.json b/2018/9xxx/CVE-2018-9386.json index 82c262db309..830264fcac0 100644 --- a/2018/9xxx/CVE-2018-9386.json +++ b/2018/9xxx/CVE-2018-9386.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9386", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9386", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file