diff --git a/2002/0xxx/CVE-2002-0131.json b/2002/0xxx/CVE-2002-0131.json index b25639d2865..b170e713d4e 100644 --- a/2002/0xxx/CVE-2002-0131.json +++ b/2002/0xxx/CVE-2002-0131.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020115 Serious privacy leak in Python for Windows ", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?t=101113015900001&r=1&w=2" - }, - { - "name" : "20020116 Re: Serious privacy leak in Python for Windows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/250814" - }, - { - "name" : "3893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3893" - }, - { - "name" : "activepython-activex-read-files(7910)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7910.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020116 Re: Serious privacy leak in Python for Windows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/250814" + }, + { + "refsource": "BUGTRAQ", + "name": "20020115 Serious privacy leak in Python for Windows", + "url": "http://marc.info/?t=101113015900001&r=1&w=2" + }, + { + "name": "3893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3893" + }, + { + "name": "activepython-activex-read-files(7910)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7910.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0924.json b/2002/0xxx/CVE-2002-0924.json index c3b64f29eeb..247d25686cb 100644 --- a/2002/0xxx/CVE-2002-0924.json +++ b/2002/0xxx/CVE-2002-0924.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the \"Advanced Settings\" capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html" - }, - { - "name" : "4451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the \"Advanced Settings\" capability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4451" + }, + { + "name": "20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1010.json b/2002/1xxx/CVE-2002-1010.json index 843c595dd7f..bdbafdbdf35 100644 --- a/2002/1xxx/CVE-2002-1010.json +++ b/2002/1xxx/CVE-2002-1010.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a \"?\" character, which is treated as a wildcard character and bypasses the web handlers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a \"?\" character, which is treated as a wildcard character and bypasses the web handlers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1376.json b/2002/1xxx/CVE-2002-1376.json index b3598f623bc..5e233f9aeab 100644 --- a/2002/1xxx/CVE-2002-1376.json +++ b/2002/1xxx/CVE-2002-1376.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021212 Advisory 04/2002: Multiple MySQL vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103971644013961&w=2" - }, - { - "name" : "http://security.e-matters.de/advisories/042002.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/042002.html" - }, - { - "name" : "CLSA-2002:555", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555" - }, - { - "name" : "DSA-212", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-212" - }, - { - "name" : "ESA-20021213-033", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html" - }, - { - "name" : "MDKSA-2002:087", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:087" - }, - { - "name" : "20021215 GLSA: mysql", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104004857201968&w=2" - }, - { - "name" : "20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104005886114500&w=2" - }, - { - "name" : "20021219 TSLSA-2002-0086 - mysql", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104033188706000&w=2" - }, - { - "name" : "RHSA-2002:288", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-288.html" - }, - { - "name" : "6370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6370" - }, - { - "name" : "6374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6374" - }, - { - "name" : "mysql-libmysqlclient-readrows-bo(10849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10849" - }, - { - "name" : "mysql-libmysqlclient-readonerow-bo(10850)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021212 Advisory 04/2002: Multiple MySQL vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103971644013961&w=2" + }, + { + "name": "20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104005886114500&w=2" + }, + { + "name": "20021219 TSLSA-2002-0086 - mysql", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104033188706000&w=2" + }, + { + "name": "6370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6370" + }, + { + "name": "CLSA-2002:555", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555" + }, + { + "name": "MDKSA-2002:087", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:087" + }, + { + "name": "20021215 GLSA: mysql", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104004857201968&w=2" + }, + { + "name": "mysql-libmysqlclient-readonerow-bo(10850)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10850" + }, + { + "name": "mysql-libmysqlclient-readrows-bo(10849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10849" + }, + { + "name": "ESA-20021213-033", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html" + }, + { + "name": "http://security.e-matters.de/advisories/042002.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/042002.html" + }, + { + "name": "6374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6374" + }, + { + "name": "DSA-212", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-212" + }, + { + "name": "RHSA-2002:288", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-288.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1688.json b/2002/1xxx/CVE-2002-1688.json index a4179cce4e8..785526f9f74 100644 --- a/2002/1xxx/CVE-2002-1688.json +++ b/2002/1xxx/CVE-2002-1688.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020414 Using the backbutton in IE is dangerous", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/267561" - }, - { - "name" : "ie-history-javascript-urls(8844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8844" - }, - { - "name" : "4505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4505" + }, + { + "name": "ie-history-javascript-urls(8844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8844" + }, + { + "name": "20020414 Using the backbutton in IE is dangerous", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/267561" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1748.json b/2002/1xxx/CVE-2002-1748.json index c77721ccf24..a4c1494485b 100644 --- a/2002/1xxx/CVE-2002-1748.json +++ b/2002/1xxx/CVE-2002-1748.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in Slashcode, allows remote authenticated users to gain access to arbitrary accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020110 [SA-2002:00] Slashcode login vulunerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/249355" - }, - { - "name" : "3839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3839" - }, - { - "name" : "slashcode-account-access(7863)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in Slashcode, allows remote authenticated users to gain access to arbitrary accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3839" + }, + { + "name": "20020110 [SA-2002:00] Slashcode login vulunerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/249355" + }, + { + "name": "slashcode-account-access(7863)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7863" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1754.json b/2002/1xxx/CVE-2002-1754.json index 9736b47ec8f..0ef696abc6e 100644 --- a/2002/1xxx/CVE-2002-1754.json +++ b/2002/1xxx/CVE-2002-1754.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/servlet/tidfinder/2962694", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/servlet/tidfinder/2962694" - }, - { - "name" : "http://www.cqure.net/advisories.jsp?id=15", - "refsource" : "MISC", - "url" : "http://www.cqure.net/advisories.jsp?id=15" - }, - { - "name" : "netware-client-hostname-dos(9035)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/servlet/tidfinder/2962694", + "refsource": "CONFIRM", + "url": "http://support.novell.com/servlet/tidfinder/2962694" + }, + { + "name": "http://www.cqure.net/advisories.jsp?id=15", + "refsource": "MISC", + "url": "http://www.cqure.net/advisories.jsp?id=15" + }, + { + "name": "netware-client-hostname-dos(9035)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9035" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1984.json b/2002/1xxx/CVE-2002-1984.json index 4a1f8c045aa..cbc7a8e6e58 100644 --- a/2002/1xxx/CVE-2002-1984.json +++ b/2002/1xxx/CVE-2002-1984.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of \"CLSID:00022613-0000-0000-C000-000000000046\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020625 A DoS against IE in W2K and XP? You Make the Call...", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2002/Jun/0303.html" - }, - { - "name" : "5094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of \"CLSID:00022613-0000-0000-C000-000000000046\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5094" + }, + { + "name": "20020625 A DoS against IE in W2K and XP? You Make the Call...", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2002/Jun/0303.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2379.json b/2002/2xxx/CVE-2002-2379.json index 737c57b4c6f..b993027631c 100644 --- a/2002/2xxx/CVE-2002-2379.json +++ b/2002/2xxx/CVE-2002-2379.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021028 CISCO as5350 crashes with nmap connect scan", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00397.html" - }, - { - "name" : "20021029 Re: CISCO as5350 crashes with nmap connect scan", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00411.html" - }, - { - "name" : "20021029 Re: CISCO as5350 crashes with nmap connect scan", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00413.html" - }, - { - "name" : "20021029 Re: CISCO as5350 crashes with nmap connect scan", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00420.html" - }, - { - "name" : "20021029 Response to BugTraq - Cisco AS5350 Crashes with nmap Connect Scan", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/hw/univgate/ps501/products_security_notice09186a008024dba2.html" - }, - { - "name" : "6059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6059" - }, - { - "name" : "cisco-as5350-portscan-dos(10522)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10522.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021029 Response to BugTraq - Cisco AS5350 Crashes with nmap Connect Scan", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/hw/univgate/ps501/products_security_notice09186a008024dba2.html" + }, + { + "name": "20021029 Re: CISCO as5350 crashes with nmap connect scan", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00413.html" + }, + { + "name": "20021029 Re: CISCO as5350 crashes with nmap connect scan", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00420.html" + }, + { + "name": "20021029 Re: CISCO as5350 crashes with nmap connect scan", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00411.html" + }, + { + "name": "20021028 CISCO as5350 crashes with nmap connect scan", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00397.html" + }, + { + "name": "cisco-as5350-portscan-dos(10522)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10522.php" + }, + { + "name": "6059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6059" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0775.json b/2003/0xxx/CVE-2003-0775.json index 09095317cc9..d2bce30230c 100644 --- a/2003/0xxx/CVE-2003-0775.json +++ b/2003/0xxx/CVE-2003-0775.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-379", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-379" - }, - { - "name" : "RHSA-2003:278", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html" - }, - { - "name" : "RHSA-2003:285", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html" - }, - { - "name" : "MDKSA-2003:099", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099" - }, - { - "name" : "SuSE-SA:2003:046", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html" - }, - { - "name" : "CSSA-2004-005.0", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt" - }, - { - "name" : "8600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8600" - }, - { - "name" : "8593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:278", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-278.html" + }, + { + "name": "CSSA-2004-005.0", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt" + }, + { + "name": "SuSE-SA:2003:046", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html" + }, + { + "name": "8600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8600" + }, + { + "name": "RHSA-2003:285", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-285.html" + }, + { + "name": "8593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8593" + }, + { + "name": "DSA-379", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-379" + }, + { + "name": "MDKSA-2003:099", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0856.json b/2003/0xxx/CVE-2003-0856.json index 95373340faa..9e571097600 100644 --- a/2003/0xxx/CVE-2003-0856.json +++ b/2003/0xxx/CVE-2003-0856.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:317", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-317.html" - }, - { - "name" : "RHSA-2003:316", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-316.html" - }, - { - "name" : "DSA-492", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-492" - }, - { - "name" : "FEDORA-2004-115", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00004.html" - }, - { - "name" : "SUSE-SR:2005:001", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_01_sr.html" - }, - { - "name" : "oval:org.mitre.oval:def:10912", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:316", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-316.html" + }, + { + "name": "DSA-492", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-492" + }, + { + "name": "oval:org.mitre.oval:def:10912", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10912" + }, + { + "name": "RHSA-2003:317", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-317.html" + }, + { + "name": "FEDORA-2004-115", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00004.html" + }, + { + "name": "SUSE-SR:2005:001", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0932.json b/2003/0xxx/CVE-2003-0932.json index d6af58a20a6..313542ccacf 100644 --- a/2003/0xxx/CVE-2003-0932.json +++ b/2003/0xxx/CVE-2003-0932.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-400", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-400", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-400" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1474.json b/2009/1xxx/CVE-2009-1474.json index 716faf519b6..4a5035b0254 100644 --- a/2009/1xxx/CVE-2009-1474.json +++ b/2009/1xxx/CVE-2009-1474.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090526 Multiple vulnerabilities in several ATEN IP KVM Switches", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503827/100/0/threaded" - }, - { - "name" : "35108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35108" - }, - { - "name" : "35241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35241" - }, - { - "name" : "aten-kvm-mouse-weak-security(50850)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35241" + }, + { + "name": "35108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35108" + }, + { + "name": "aten-kvm-mouse-weak-security(50850)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50850" + }, + { + "name": "20090526 Multiple vulnerabilities in several ATEN IP KVM Switches", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1639.json b/2009/1xxx/CVE-2009-1639.json index 1446ab16010..d02c5db157d 100644 --- a/2009/1xxx/CVE-2009-1639.json +++ b/2009/1xxx/CVE-2009-1639.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Novell 4.03 allows user-assisted attackers to execute arbitrary code via a crafted .NKNT file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Novell-Traditional-volumes-v-4-03-Code-Execution-and-DoS", - "refsource" : "MISC", - "url" : "http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Novell-Traditional-volumes-v-4-03-Code-Execution-and-DoS" - }, - { - "name" : "http://www.insight-tech.org/xploits/KernelrecoveryforNovell(Traditionalvolumes)v.4.03CodeExecutionandDoS.py", - "refsource" : "MISC", - "url" : "http://www.insight-tech.org/xploits/KernelrecoveryforNovell(Traditionalvolumes)v.4.03CodeExecutionandDoS.py" - }, - { - "name" : "34846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34846" - }, - { - "name" : "34798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Novell 4.03 allows user-assisted attackers to execute arbitrary code via a crafted .NKNT file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.insight-tech.org/xploits/KernelrecoveryforNovell(Traditionalvolumes)v.4.03CodeExecutionandDoS.py", + "refsource": "MISC", + "url": "http://www.insight-tech.org/xploits/KernelrecoveryforNovell(Traditionalvolumes)v.4.03CodeExecutionandDoS.py" + }, + { + "name": "http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Novell-Traditional-volumes-v-4-03-Code-Execution-and-DoS", + "refsource": "MISC", + "url": "http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Novell-Traditional-volumes-v-4-03-Code-Execution-and-DoS" + }, + { + "name": "34846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34846" + }, + { + "name": "34798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34798" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0510.json b/2012/0xxx/CVE-2012-0510.json index 0b3a321b40a..f604d9c2818 100644 --- a/2012/0xxx/CVE-2012-0510.json +++ b/2012/0xxx/CVE-2012-0510.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7 allows remote attackers to affect integrity and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7 allows remote attackers to affect integrity and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026929" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0852.json b/2012/0xxx/CVE-2012-0852.json index fc37f1771f4..5b84b630c50 100644 --- a/2012/0xxx/CVE-2012-0852.json +++ b/2012/0xxx/CVE-2012-0852.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/14/4" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897" - }, - { - "name" : "http://libav.org/", - "refsource" : "CONFIRM", - "url" : "http://libav.org/" - }, - { - "name" : "https://ffmpeg.org/trac/ffmpeg/ticket/794", - "refsource" : "CONFIRM", - "url" : "https://ffmpeg.org/trac/ffmpeg/ticket/794" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "DSA-2494", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2494" - }, - { - "name" : "USN-1479-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1479-1" - }, - { - "name" : "ffmpeg-adpcmdecodeframe-code-exec(78932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1479-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1479-1" + }, + { + "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" + }, + { + "name": "https://ffmpeg.org/trac/ffmpeg/ticket/794", + "refsource": "CONFIRM", + "url": "https://ffmpeg.org/trac/ffmpeg/ticket/794" + }, + { + "name": "DSA-2494", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2494" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897" + }, + { + "name": "http://libav.org/", + "refsource": "CONFIRM", + "url": "http://libav.org/" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "ffmpeg-adpcmdecodeframe-code-exec(78932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78932" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0962.json b/2012/0xxx/CVE-2012-0962.json index 8faa67675d5..288fea91133 100644 --- a/2012/0xxx/CVE-2012-0962.json +++ b/2012/0xxx/CVE-2012-0962.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2012-0962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/software-center-agent/%2Bbug/1052789", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/software-center-agent/%2Bbug/1052789" - }, - { - "name" : "USN-1666-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1666-1" - }, - { - "name" : "56959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56959" - }, - { - "name" : "1027891", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027891" - }, - { - "name" : "51627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51627" + }, + { + "name": "https://bugs.launchpad.net/software-center-agent/%2Bbug/1052789", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/software-center-agent/%2Bbug/1052789" + }, + { + "name": "USN-1666-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1666-1" + }, + { + "name": "1027891", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027891" + }, + { + "name": "56959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56959" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1023.json b/2012/1xxx/CVE-2012-1023.json index afe13309f66..40f0388a41d 100644 --- a/2012/1xxx/CVE-2012-1023.json +++ b/2012/1xxx/CVE-2012-1023.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/109290/4images-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109290/4images-xss.txt" - }, - { - "name" : "51774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51774" - }, - { - "name" : "78779", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78779" - }, - { - "name" : "4images-index-open-redirect(72925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51774" + }, + { + "name": "http://packetstormsecurity.org/files/109290/4images-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109290/4images-xss.txt" + }, + { + "name": "78779", + "refsource": "OSVDB", + "url": "http://osvdb.org/78779" + }, + { + "name": "4images-index-open-redirect(72925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72925" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3169.json b/2012/3xxx/CVE-2012-3169.json index 97fb4b9f574..470c19561fb 100644 --- a/2012/3xxx/CVE-2012-3169.json +++ b/2012/3xxx/CVE-2012-3169.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3170." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3170." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3463.json b/2012/3xxx/CVE-2012-3463.json index 9490f661d11..71e05dd5caa 100644 --- a/2012/3xxx/CVE-2012-3463.json +++ b/2012/3xxx/CVE-2012-3463.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rubyonrails-security] 20120810 Ruby on Rails Potential XSS Vulnerability in select_tag prompt", - "refsource" : "MLIST", - "url" : "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain" - }, - { - "name" : "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" - }, - { - "name" : "RHSA-2013:0154", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0154.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" + }, + { + "name": "[rubyonrails-security] 20120810 Ruby on Rails Potential XSS Vulnerability in select_tag prompt", + "refsource": "MLIST", + "url": "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain" + }, + { + "name": "RHSA-2013:0154", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3537.json b/2012/3xxx/CVE-2012-3537.json index b1d2fd72da8..f5f0f9e4f2f 100644 --- a/2012/3xxx/CVE-2012-3537.json +++ b/2012/3xxx/CVE-2012-3537.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to \"insecure handling of tmp files\" and predictable file names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120827 CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/27/5" - }, - { - "name" : "[oss-security] 20120827 Re: CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/27/7" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=774967", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=774967" - }, - { - "name" : "https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8", - "refsource" : "MISC", - "url" : "https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8" - }, - { - "name" : "https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87", - "refsource" : "MISC", - "url" : "https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87" - }, - { - "name" : "https://github.com/dellcloudedge/barclamp-deployer/pull/57", - "refsource" : "CONFIRM", - "url" : "https://github.com/dellcloudedge/barclamp-deployer/pull/57" - }, - { - "name" : "55240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55240" - }, - { - "name" : "84955", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84955" - }, - { - "name" : "50442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50442" - }, - { - "name" : "crowbar-privilege-escalation(78041)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to \"insecure handling of tmp files\" and predictable file names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8", + "refsource": "MISC", + "url": "https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8" + }, + { + "name": "crowbar-privilege-escalation(78041)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78041" + }, + { + "name": "[oss-security] 20120827 Re: CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/27/7" + }, + { + "name": "https://github.com/dellcloudedge/barclamp-deployer/pull/57", + "refsource": "CONFIRM", + "url": "https://github.com/dellcloudedge/barclamp-deployer/pull/57" + }, + { + "name": "55240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55240" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=774967", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=774967" + }, + { + "name": "50442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50442" + }, + { + "name": "https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87", + "refsource": "MISC", + "url": "https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87" + }, + { + "name": "84955", + "refsource": "OSVDB", + "url": "http://osvdb.org/84955" + }, + { + "name": "[oss-security] 20120827 CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/27/5" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3640.json b/2012/3xxx/CVE-2012-3640.json index 306446ab65c..91f4f41960b 100644 --- a/2012/3xxx/CVE-2012-3640.json +++ b/2012/3xxx/CVE-2012-3640.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4512.json b/2012/4xxx/CVE-2012-4512.json index b17b51ce1b7..710d66eef00 100644 --- a/2012/4xxx/CVE-2012-4512.json +++ b/2012/4xxx/CVE-2012-4512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4624.json b/2012/4xxx/CVE-2012-4624.json index f38faeb6eb9..0f9f3d3623b 100644 --- a/2012/4xxx/CVE-2012-4624.json +++ b/2012/4xxx/CVE-2012-4624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4624", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4624", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4826.json b/2012/4xxx/CVE-2012-4826.json index 6d6adde0e37..350904673f7 100644 --- a/2012/4xxx/CVE-2012-4826.json +++ b/2012/4xxx/CVE-2012-4826.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21450666", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21450666" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21614536", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21614536" - }, - { - "name" : "IC86765", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86765" - }, - { - "name" : "IC86781", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86781" - }, - { - "name" : "IC86782", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86782" - }, - { - "name" : "IC86783", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86783" - }, - { - "name" : "IC87192", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87192" - }, - { - "name" : "56133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56133" - }, - { - "name" : "86414", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21450666", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21450666" + }, + { + "name": "IC87192", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87192" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21614536", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614536" + }, + { + "name": "IC86781", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86781" + }, + { + "name": "IC86783", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86783" + }, + { + "name": "IC86765", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86765" + }, + { + "name": "56133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56133" + }, + { + "name": "86414", + "refsource": "OSVDB", + "url": "http://osvdb.org/86414" + }, + { + "name": "IC86782", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86782" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4837.json b/2012/4xxx/CVE-2012-4837.json index 480bb1c251b..e6bb8a2e9a1 100644 --- a/2012/4xxx/CVE-2012-4837.json +++ b/2012/4xxx/CVE-2012-4837.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" - }, - { - "name" : "cognos-bi-xpath-injection(78919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" + }, + { + "name": "cognos-bi-xpath-injection(78919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78919" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6507.json b/2012/6xxx/CVE-2012-6507.json index c226868ccbb..62bd5905f55 100644 --- a/2012/6xxx/CVE-2012-6507.json +++ b/2012/6xxx/CVE-2012-6507.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120423 ChurchCMS 0.0.1 'admin.php' Multiple SQLi", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0178.html" - }, - { - "name" : "http://packetstormsecurity.org/files/112106/ChurchCMS-0.0.1-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112106/ChurchCMS-0.0.1-SQL-Injection.html" - }, - { - "name" : "53209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53209" - }, - { - "name" : "churchcms-admin-sql-injection(75110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120423 ChurchCMS 0.0.1 'admin.php' Multiple SQLi", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0178.html" + }, + { + "name": "churchcms-admin-sql-injection(75110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75110" + }, + { + "name": "53209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53209" + }, + { + "name": "http://packetstormsecurity.org/files/112106/ChurchCMS-0.0.1-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112106/ChurchCMS-0.0.1-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6697.json b/2012/6xxx/CVE-2012-6697.json index adfc2de50ff..6c08f34c963 100644 --- a/2012/6xxx/CVE-2012-6697.json +++ b/2012/6xxx/CVE-2012-6697.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880" - }, - { - "name" : "https://github.com/inspircd/inspircd/commit/58c893e834ff20495d00770922", - "refsource" : "CONFIRM", - "url" : "https://github.com/inspircd/inspircd/commit/58c893e834ff20495d00770922" - }, - { - "name" : "DSA-3226", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3226" - }, - { - "name" : "GLSA-201512-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-13" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780880" + }, + { + "name": "GLSA-201512-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-13" + }, + { + "name": "DSA-3226", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3226" + }, + { + "name": "https://github.com/inspircd/inspircd/commit/58c893e834ff20495d00770922", + "refsource": "CONFIRM", + "url": "https://github.com/inspircd/inspircd/commit/58c893e834ff20495d00770922" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2115.json b/2017/2xxx/CVE-2017-2115.json index 3da2fa63f62..703ebe65761 100644 --- a/2017/2xxx/CVE-2017-2115.json +++ b/2017/2xxx/CVE-2017-2115.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Office", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0 to 10.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain \"customapp\" information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to restrict access" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Office", + "version": { + "version_data": [ + { + "version_value": "10.0.0 to 10.5.0" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9737", - "refsource" : "MISC", - "url" : "https://support.cybozu.com/ja-jp/article/9737" - }, - { - "name" : "JVN#17535578", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN17535578/index.html" - }, - { - "name" : "97717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain \"customapp\" information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#17535578", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN17535578/index.html" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/9737", + "refsource": "MISC", + "url": "https://support.cybozu.com/ja-jp/article/9737" + }, + { + "name": "97717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97717" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2439.json b/2017/2xxx/CVE-2017-2439.json index 048c3e8fccd..d58e25af132 100644 --- a/2017/2xxx/CVE-2017-2439.json +++ b/2017/2xxx/CVE-2017-2439.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2447.json b/2017/2xxx/CVE-2017-2447.json index db595df251e..bf0dce8c361 100644 --- a/2017/2xxx/CVE-2017-2447.json +++ b/2017/2xxx/CVE-2017-2447.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41743", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41743/" - }, - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "97130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97130" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "97130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97130" + }, + { + "name": "41743", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41743/" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2624.json b/2017/2xxx/CVE-2017-2624.json index 824a3fdbea2..a9e1855a59b 100644 --- a/2017/2xxx/CVE-2017-2624.json +++ b/2017/2xxx/CVE-2017-2624.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "xorg-x11-server", - "version" : { - "version_data" : [ - { - "version_value" : "1.19.0" - } - ] - } - } - ] - }, - "vendor_name" : "Xorg" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.9/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-385" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "xorg-x11-server", + "version": { + "version_data": [ + { + "version_value": "1.19.0" + } + ] + } + } + ] + }, + "vendor_name": "Xorg" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html" - }, - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624" - }, - { - "name" : "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c", - "refsource" : "CONFIRM", - "url" : "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c" - }, - { - "name" : "GLSA-201704-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-03" - }, - { - "name" : "GLSA-201710-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-30" - }, - { - "name" : "96480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96480" - }, - { - "name" : "1037919", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.9/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-385" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201704-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-03" + }, + { + "name": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c", + "refsource": "CONFIRM", + "url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c" + }, + { + "name": "1037919", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037919" + }, + { + "name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html" + }, + { + "name": "GLSA-201710-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-30" + }, + { + "name": "96480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96480" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2837.json b/2017/2xxx/CVE-2017-2837.json index e737d39ff26..e5fc219b3f0 100644 --- a/2017/2xxx/CVE-2017-2837.json +++ b/2017/2xxx/CVE-2017-2837.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-07-24T00:00:00", - "ID" : "CVE-2017-2837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeRDP", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.0-beta1+android11 - Windows, OSX, Linux" - } - ] - } - } - ] - }, - "vendor_name" : "FreeRDP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-07-24T00:00:00", + "ID": "CVE-2017-2837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeRDP", + "version": { + "version_data": [ + { + "version_value": "2.0.0-beta1+android11 - Windows, OSX, Linux" + } + ] + } + } + ] + }, + "vendor_name": "FreeRDP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339" - }, - { - "name" : "DSA-3923", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3923" - }, - { - "name" : "99942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99942" + }, + { + "name": "DSA-3923", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3923" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6073.json b/2017/6xxx/CVE-2017-6073.json index deab1daeb95..5b7ccbf676e 100644 --- a/2017/6xxx/CVE-2017-6073.json +++ b/2017/6xxx/CVE-2017-6073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6073", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6073", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6628.json b/2017/6xxx/CVE-2017-6628.json index 446126ba652..d00ca81f18a 100644 --- a/2017/6xxx/CVE-2017-6628.json +++ b/2017/6xxx/CVE-2017-6628.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wide Area Application Services SMART-SSL Accelerator", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Wide Area Application Services SMART-SSL Accelerator" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wide Area Application Services SMART-SSL Accelerator", + "version": { + "version_data": [ + { + "version_value": "Cisco Wide Area Application Services SMART-SSL Accelerator" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas" - }, - { - "name" : "98294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98294" - }, - { - "name" : "1038399", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98294" + }, + { + "name": "1038399", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038399" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7008.json b/2017/7xxx/CVE-2017-7008.json index 1156dc22ece..49dccdf06f5 100644 --- a/2017/7xxx/CVE-2017-7008.json +++ b/2017/7xxx/CVE-2017-7008.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the \"CoreAudio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207922", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207922" - }, - { - "name" : "https://support.apple.com/HT207923", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207923" - }, - { - "name" : "https://support.apple.com/HT207924", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207924" - }, - { - "name" : "99880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99880" - }, - { - "name" : "1038950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the \"CoreAudio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207924", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207924" + }, + { + "name": "https://support.apple.com/HT207923", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207923" + }, + { + "name": "99880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99880" + }, + { + "name": "1038950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038950" + }, + { + "name": "https://support.apple.com/HT207922", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207922" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7216.json b/2017/7xxx/CVE-2017-7216.json index d52728323fb..63dff568241 100644 --- a/2017/7xxx/CVE-2017-7216.json +++ b/2017/7xxx/CVE-2017-7216.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/80", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/80" - }, - { - "name" : "97590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97590" + }, + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/80", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/80" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7489.json b/2017/7xxx/CVE-2017-7489.json index b8aae6f36da..6bf2f54994d 100644 --- a/2017/7xxx/CVE-2017-7489.json +++ b/2017/7xxx/CVE-2017-7489.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moodle 2.x and 3.x", - "version" : { - "version_data" : [ - { - "version_value" : "Moodle 2.x and 3.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "incorrect access control" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moodle 2.x and 3.x", + "version": { + "version_data": [ + { + "version_value": "Moodle 2.x and 3.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=352353", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=352353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "incorrect access control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=352353", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=352353" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10954.json b/2018/10xxx/CVE-2018-10954.json index 521e090deb6..6aba7d2ae01 100644 --- a/2018/10xxx/CVE-2018-10954.json +++ b/2018/10xxx/CVE-2018-10954.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x00222550", - "refsource" : "MISC", - "url" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x00222550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x00222550", + "refsource": "MISC", + "url": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x00222550" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14421.json b/2018/14xxx/CVE-2018-14421.json index b3bc21f1638..c3e6ada9c82 100644 --- a/2018/14xxx/CVE-2018-14421.json +++ b/2018/14xxx/CVE-2018-14421.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hexo.imagemlt.xyz/post/seacms-backend-getshell/index.html", - "refsource" : "MISC", - "url" : "http://hexo.imagemlt.xyz/post/seacms-backend-getshell/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hexo.imagemlt.xyz/post/seacms-backend-getshell/index.html", + "refsource": "MISC", + "url": "http://hexo.imagemlt.xyz/post/seacms-backend-getshell/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14721.json b/2018/14xxx/CVE-2018-14721.json index 9278f44b233..3ecdc46ef77 100644 --- a/2018/14xxx/CVE-2018-14721.json +++ b/2018/14xxx/CVE-2018-14721.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" - }, - { - "name" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", - "refsource" : "CONFIRM", - "url" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44" - }, - { - "name" : "https://github.com/FasterXML/jackson-databind/issues/2097", - "refsource" : "CONFIRM", - "url" : "https://github.com/FasterXML/jackson-databind/issues/2097" - }, - { - "name" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", - "refsource" : "CONFIRM", - "url" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44" + }, + { + "name": "https://github.com/FasterXML/jackson-databind/issues/2097", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson-databind/issues/2097" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7" + }, + { + "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15138.json b/2018/15xxx/CVE-2018-15138.json index 08e88997a82..6f8dad57e2f 100644 --- a/2018/15xxx/CVE-2018-15138.json +++ b/2018/15xxx/CVE-2018-15138.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45167", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45167/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45167", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45167/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15167.json b/2018/15xxx/CVE-2018-15167.json index f29ee22eb9f..50426019d50 100644 --- a/2018/15xxx/CVE-2018-15167.json +++ b/2018/15xxx/CVE-2018-15167.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15167", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15167", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15195.json b/2018/15xxx/CVE-2018-15195.json index e6488ad9e93..d2d126eaf29 100644 --- a/2018/15xxx/CVE-2018-15195.json +++ b/2018/15xxx/CVE-2018-15195.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15195", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15195", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15446.json b/2018/15xxx/CVE-2018-15446.json index 0b06af37398..6b6ce3af2d2 100644 --- a/2018/15xxx/CVE-2018-15446.json +++ b/2018/15xxx/CVE-2018-15446.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", - "ID" : "CVE-2018-15446", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Meeting Server Information Disclosure Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Meeting Server ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "5.3", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-11-07T16:00:00-0600", + "ID": "CVE-2018-15446", + "STATE": "PUBLIC", + "TITLE": "Cisco Meeting Server Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Meeting Server ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181107 Cisco Meeting Server Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meeting-server" - }, - { - "name" : "105856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105856" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181107-meeting-server", - "defect" : [ - [ - "CSCvk16348" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181107 Cisco Meeting Server Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meeting-server" + }, + { + "name": "105856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105856" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181107-meeting-server", + "defect": [ + [ + "CSCvk16348" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15559.json b/2018/15xxx/CVE-2018-15559.json index b05a0e7e6a0..4a9d5a2e6da 100644 --- a/2018/15xxx/CVE-2018-15559.json +++ b/2018/15xxx/CVE-2018-15559.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The editor in Xiuno BBS 4.0.4 allows stored XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bbs.xiuno.com/thread-148095.htm", - "refsource" : "MISC", - "url" : "https://bbs.xiuno.com/thread-148095.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The editor in Xiuno BBS 4.0.4 allows stored XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bbs.xiuno.com/thread-148095.htm", + "refsource": "MISC", + "url": "https://bbs.xiuno.com/thread-148095.htm" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20401.json b/2018/20xxx/CVE-2018-20401.json index 6d38f34f6bd..aae2cd96035 100644 --- a/2018/20xxx/CVE-2018-20401.json +++ b/2018/20xxx/CVE-2018-20401.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", - "refsource" : "MISC", - "url" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" - }, - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", + "refsource": "MISC", + "url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" + }, + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20426.json b/2018/20xxx/CVE-2018-20426.json index e8f51a30133..f28909fd1da 100644 --- a/2018/20xxx/CVE-2018-20426.json +++ b/2018/20xxx/CVE-2018-20426.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libming/libming/issues/162", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/162", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/162" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20557.json b/2018/20xxx/CVE-2018-20557.json index 4d75fb1434b..6113b145940 100644 --- a/2018/20xxx/CVE-2018-20557.json +++ b/2018/20xxx/CVE-2018-20557.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss3", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss3", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss3" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20794.json b/2018/20xxx/CVE-2018-20794.json index efd309c4284..5127d634652 100644 --- a/2018/20xxx/CVE-2018-20794.json +++ b/2018/20xxx/CVE-2018-20794.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45987", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45987", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45987" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9257.json b/2018/9xxx/CVE-2018-9257.json index ce21781485e..9f70d9b09db 100644 --- a/2018/9xxx/CVE-2018-9257.json +++ b/2018/9xxx/CVE-2018-9257.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-22.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-22.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-22.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-22.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9556.json b/2018/9xxx/CVE-2018-9556.json index d34a227950f..27be89f5081 100644 --- a/2018/9xxx/CVE-2018-9556.json +++ b/2018/9xxx/CVE-2018-9556.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-12-01" - }, - { - "name" : "106147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106147" + }, + { + "name": "https://source.android.com/security/bulletin/2018-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9707.json b/2018/9xxx/CVE-2018-9707.json index 6482fc235ca..25fca90fe34 100644 --- a/2018/9xxx/CVE-2018-9707.json +++ b/2018/9xxx/CVE-2018-9707.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9707", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9707", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9911.json b/2018/9xxx/CVE-2018-9911.json index 1d61220507a..81b5436ff77 100644 --- a/2018/9xxx/CVE-2018-9911.json +++ b/2018/9xxx/CVE-2018-9911.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9911", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9911", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file