diff --git a/2002/0xxx/CVE-2002-0386.json b/2002/0xxx/CVE-2002-0386.json
index 9249d6c5a5c..5a3356780fd 100644
--- a/2002/0xxx/CVE-2002-0386.json
+++ b/2002/0xxx/CVE-2002-0386.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a \"..\" (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A102802-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2002/a102802-1.txt" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf" - }, - { - "name" : "5902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5902" - }, - { - "name" : "oracle-appserver-webcachemanager-dos(10284)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10284.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a \"..\" (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-appserver-webcachemanager-dos(10284)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10284.php" + }, + { + "name": "A102802-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2002/a102802-1.txt" + }, + { + "name": "5902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5902" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0431.json b/2002/0xxx/CVE-2002-0431.json index c39c98c061a..567e2cba5e3 100644 --- a/2002/0xxx/CVE-2002-0431.json +++ b/2002/0xxx/CVE-2002-0431.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020309 xtux server DoS.", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/260912" - }, - { - "name" : "https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206", - "refsource" : "MISC", - "url" : "https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206" - }, - { - "name" : "4260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4260" - }, - { - "name" : "xtux-server-dos(8422)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8422.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XTux allows remote attackers to cause a denial 
of service (CPU consumption) via random inputs in the initial connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xtux-server-dos(8422)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8422.php" + }, + { + "name": "20020309 xtux server DoS.", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/260912" + }, + { + "name": "4260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4260" + }, + { + "name": "https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206", + "refsource": "MISC", + "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0839.json b/2002/0xxx/CVE-2002-0839.json index a9ae03c6a62..64e92c256bf 100644 --- a/2002/0xxx/CVE-2002-0839.json +++ b/2002/0xxx/CVE-2002-0839.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021003 iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html" - }, - { - "name" : "http://www.apacheweek.com/issues/02-10-04", - "refsource" : "CONFIRM", - "url" : "http://www.apacheweek.com/issues/02-10-04" - }, - { - "name" : "http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2", - "refsource" : "CONFIRM", - "url" : "http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2" - }, - { - 
"name" : "CLA-2002:530", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530" - }, - { - "name" : "ESA-20021007-024", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/other_advisory-2414.html" - }, - { - "name" : "HPSBOV02683", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "SSRT090208", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "MDKSA-2002:068", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php" - }, - { - "name" : "DSA-187", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-187" - }, - { - "name" : "DSA-188", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-188" - }, - { - "name" : "DSA-195", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-195" - }, - { - "name" : "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103376585508776&w=2" - }, - { - "name" : "20021105-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I" - }, - { - "name" : "HPSBUX0210-224", - "refsource" : "HP", - "url" : "http://online.securityfocus.com/advisories/4617" - }, - { - "name" : "20021015 GLSA: apache", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html" - }, - { - "name" : "20021017 TSLSA-2002-0069-apache", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html" - }, - { - "name" : "5884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5884" - }, - { - "name" : "apache-scorecard-memory-overwrite(10280)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10280.php" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-188", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-188" + }, + { + "name": "http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2", + "refsource": "CONFIRM", + "url": "http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2" + }, + { + "name": "ESA-20021007-024", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html" + }, + { + "name": "20021105-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I" + }, + { + "name": "HPSBUX0210-224", + "refsource": "HP", + "url": "http://online.securityfocus.com/advisories/4617" + }, + { + "name": "DSA-187", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-187" + }, + { + "name": "SSRT090208", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "20021003 iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html" + }, + { + "name": "http://www.apacheweek.com/issues/02-10-04", + "refsource": "CONFIRM", + "url": "http://www.apacheweek.com/issues/02-10-04" + 
}, + { + "name": "5884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5884" + }, + { + "name": "DSA-195", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-195" + }, + { + "name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103376585508776&w=2" + }, + { + "name": "apache-scorecard-memory-overwrite(10280)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10280.php" + }, + { + "name": "MDKSA-2002:068", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php" + }, + { + "name": "HPSBOV02683", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "CLA-2002:530", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530" + }, + { + "name": "20021017 TSLSA-2002-0069-apache", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html" + }, + { + "name": "20021015 GLSA: apache", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0908.json b/2002/0xxx/CVE-2002-0908.json index 8281b4f1289..e91189d6269 100644 --- a/2002/0xxx/CVE-2002-0908.json +++ b/2002/0xxx/CVE-2002-0908.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020524 Cisco IDS Device Manager 3.1.1 Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0214.html" - }, - { - "name" : "4760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4760" - }, - { - "name" : "cisco-ids-directory-traversal(9174)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9174.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. 
(dot dot) in the HTTPS request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-ids-directory-traversal(9174)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9174.php" + }, + { + "name": "20020524 Cisco IDS Device Manager 3.1.1 Advisory", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0214.html" + }, + { + "name": "4760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4760" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0916.json b/2002/0xxx/CVE-2002-0916.json index c63db6d466a..277d25d7eef 100644 --- a/2002/0xxx/CVE-2002-0916.json +++ b/2002/0xxx/CVE-2002-0916.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0087.html" - }, - { - "name" : "20020604 [DER #11] - Remotey exploitable fmt string bug in squid", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/275347" - }, - { - "name" : "http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz" - }, - { - "name" : "4929", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/4929" - }, - { - "name" : "msntauth-squid-format-string(9248)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9248.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0087.html" + }, + { + "name": "msntauth-squid-format-string(9248)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9248.php" + }, + { + "name": "http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz" + }, + { + "name": "20020604 [DER #11] - Remotey exploitable fmt string bug in squid", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/275347" + }, + { + "name": "4929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4929" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1098.json b/2002/1xxx/CVE-2002-1098.json index 24072289476..abc413a6ab2 100644 --- a/2002/1xxx/CVE-2002-1098.json +++ b/2002/1xxx/CVE-2002-1098.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an \"HTTPS on Public Inbound (XML-Auto)(forward/in)\" rule but sets the protocol to \"ANY\" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" - }, - { - "name" : "cisco-vpn-xml-filter(10023)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10023.php" - }, - { - "name" : "5614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an \"HTTPS 
on Public Inbound (XML-Auto)(forward/in)\" rule but sets the protocol to \"ANY\" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" + }, + { + "name": "5614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5614" + }, + { + "name": "cisco-vpn-xml-filter(10023)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10023.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1144.json b/2002/1xxx/CVE-2002-1144.json index 2111a02f1b4..a6246527018 100644 --- a/2002/1xxx/CVE-2002-1144.json +++ b/2002/1xxx/CVE-2002-1144.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1144",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1144",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1310.json b/2002/1xxx/CVE-2002-1310.json
index 5803f253370..180be5df676 100644
--- a/2002/1xxx/CVE-2002-1310.json
+++ b/2002/1xxx/CVE-2002-1310.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html" - }, - { - "name" : "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html" - }, - { - "name" : "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&r=1&b=200211&w=2" - }, - { - "name" : "AD20021112", - "refsource" : "EEYE", - "url" : 
"http://www.eeye.com/html/Research/Advisories/AD20021112.html" - }, - { - "name" : "6122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6122" - }, - { - "name" : "jrun-long-url-bo(10568)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6122" + }, + { + "name": "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&r=1&b=200211&w=2" + }, + { + "name": "AD20021112", + "refsource": "EEYE", + "url": "http://www.eeye.com/html/Research/Advisories/AD20021112.html" + }, + { + "name": "20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html" + }, + { + "name": "jrun-long-url-bo(10568)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10568" + }, + { + "name": "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2002/1xxx/CVE-2002-1636.json b/2002/1xxx/CVE-2002-1636.json
index 4b64c2ea2cf..a8507dfae9c 100644
--- a/2002/1xxx/CVE-2002-1636.json
+++ b/2002/1xxx/CVE-2002-1636.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nextgenss.com/papers/hpoas.pdf", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/papers/hpoas.pdf" - }, - { - "name" : "oracle-htpprint-xss(10687)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-htpprint-xss(10687)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10687" + }, + { + "name": "http://www.nextgenss.com/papers/hpoas.pdf", + "refsource": "MISC", + "url": "http://www.nextgenss.com/papers/hpoas.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1911.json b/2002/1xxx/CVE-2002-1911.json index 22d8b69347b..adfae887383 100644 --- a/2002/1xxx/CVE-2002-1911.json +++ b/2002/1xxx/CVE-2002-1911.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021016 NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/295434" - }, - { - "name" : "20021017 Re: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0238.html" - }, - { - "name" : "5975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5975" - }, - { - "name" : "zonealarm-synflood-dos(10379)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10379.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5975" + }, + { + "name": "20021017 Re: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0238.html" + }, + { + "name": "20021016 NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/295434" + }, + { + "name": "zonealarm-synflood-dos(10379)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10379.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2335.json b/2002/2xxx/CVE-2002-2335.json index 58bfab4537f..254a0eed92f 100644 --- a/2002/2xxx/CVE-2002-2335.json +++ b/2002/2xxx/CVE-2002-2335.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021006 phpSecurePages & Killer Protection ( PHP )", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/294208" - }, - { - "name" : "5905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5905" - }, - { - "name" : "killer-protection-vars-password(10315)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10315.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names 
and passwords and log in using protection.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "killer-protection-vars-password(10315)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10315.php" + }, + { + "name": "5905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5905" + }, + { + "name": "20021006 phpSecurePages & Killer Protection ( PHP )", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/294208" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2356.json b/2002/2xxx/CVE-2002-2356.json index 0abff4651d9..84cee57ee54 100644 --- a/2002/2xxx/CVE-2002-2356.json +++ b/2002/2xxx/CVE-2002-2356.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hamweather.net/hw3/hw2securityalert.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.hamweather.net/hw3/hw2securityalert.shtml" - }, - { - "name" : "1005270", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005270" - }, - { - "name" : "hamweather-hwadmin-web-admin(10182)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10182.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hamweather.net/hw3/hw2securityalert.shtml", + "refsource": "CONFIRM", + "url": "http://www.hamweather.net/hw3/hw2securityalert.shtml" + }, + { + "name": "1005270", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005270" + }, + { + "name": "hamweather-hwadmin-web-admin(10182)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10182.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1175.json b/2005/1xxx/CVE-2005-1175.json index 4718aff0f42..5550d4a16a7 100644 --- a/2005/1xxx/CVE-2005-1175.json +++ b/2005/1xxx/CVE-2005-1175.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050712 MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112122123211974&w=2" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt" - }, - { - "name" : "IY85474", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : 
"APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "DSA-757", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-757" - }, - { - "name" : "RHSA-2005:562", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-562.html" - }, - { - "name" : "RHSA-2005:567", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-567.html" - }, - { - "name" : "20050703-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc" - }, - { - "name" : "101809", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1" - }, - { - "name" : "SUSE-SR:2005:017", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_17_sr.html" - }, - { - "name" : "TLSA-2005-78", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt" - }, - { - "name" : "2005-0036", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0036" - }, - { - "name" : "USN-224-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/224-1/" - }, - { - "name" : "VU#885830", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/885830" - }, - { - "name" : "14236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14236" - }, - { - "name" : "oval:org.mitre.oval:def:9902", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9902" - }, - { - "name" : "ADV-2005-1066", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1066" - }, - { - "name" : "ADV-2006-2074", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2074" - }, - { - "name" : "oval:org.mitre.oval:def:736", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A736" - }, - { - "name" : "1014460", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014460" - }, - { - "name" : "16041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16041" - }, - { - "name" : "17899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17899" - }, - { - "name" : "17135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17135" - }, - { - "name" : "20364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20364" - }, - { - "name" : "kerberos-kdc-krb5-udp-tcp-bo(21328)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kerberos-kdc-krb5-udp-tcp-bo(21328)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21328" + }, + { + "name": "20364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20364" + }, + { + "name": "RHSA-2005:567", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-567.html" + }, + { + "name": "oval:org.mitre.oval:def:736", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A736" + }, + { + "name": "SUSE-SR:2005:017", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_17_sr.html" + }, + { + "name": "14236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14236" + }, + { + "name": "20050712 MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112122123211974&w=2" + }, + { + "name": "1014460", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014460" + }, + { + "name": "ADV-2006-2074", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2074" + }, + { + "name": "RHSA-2005:562", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-562.html" + }, + { + "name": "101809", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1" + }, + { + "name": "TLSA-2005-78", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt" + }, + { + "name": "IY85474", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474" + }, + { + "name": "oval:org.mitre.oval:def:9902", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9902" + }, + { + "name": "20050703-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc" + }, + { + "name": "16041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16041" + }, + { + "name": "USN-224-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/224-1/" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt" + }, + { + "name": "DSA-757", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-757" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "17135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17135" + }, + { + "name": "17899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17899" + }, + { + "name": "ADV-2005-1066", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1066" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "VU#885830", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/885830" + }, + { + "name": "2005-0036", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0036" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1695.json b/2005/1xxx/CVE-2005-1695.json index ca4f99e0272..e6cef5ff1a9 100644 --- a/2005/1xxx/CVE-2005-1695.json +++ b/2005/1xxx/CVE-2005-1695.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050521 [SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3}", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111670482500552&w=2" - }, - { - "name" : "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111670506926649&w=2" - }, - { - "name" : "http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691", - "refsource" : "CONFIRM", - "url" : "http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050521 [SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3}", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111670482500552&w=2" + }, + { + "name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111670506926649&w=2" + }, + { + "name": "http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691", + "refsource": "CONFIRM", + "url": "http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0855.json b/2009/0xxx/CVE-2009-0855.json index db17de93a58..76bd9312549 100644 --- a/2009/0xxx/CVE-2009-0855.json +++ b/2009/0xxx/CVE-2009-0855.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PK77505", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77505" - }, - { - "name" : "PK81212", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK81212" - }, - { - "name" : "PK82988", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK82988" - }, - { - "name" : "34001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34001" - }, - { - "name" : "34259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34259" - }, - { - "name" : "34131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34131" - }, - { - "name" : 
"34461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34461" - }, - { - "name" : "ADV-2009-0607", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0607" - }, - { - "name" : "ADV-2009-0854", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0854", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0854" + }, + { + "name": "34259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34259" + }, + { + "name": "ADV-2009-0607", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0607" + }, + { + "name": "34131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34131" + }, + { + "name": "34461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34461" + }, + { + "name": "PK81212", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK81212" + }, + { + "name": "PK77505", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77505" + }, + { + "name": "34001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34001" + }, + { + "name": "PK82988", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK82988" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/1xxx/CVE-2009-1168.json b/2009/1xxx/CVE-2009-1168.json index 7f5ad415391..1047512f8bf 100644 --- a/2009/1xxx/CVE-2009-1168.json +++ b/2009/1xxx/CVE-2009-1168.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-1168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090729 Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080aea4c9.shtml" - }, - { - "name" : "35862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35862" - }, - { - "name" : "oval:org.mitre.oval:def:6697", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6697" - }, - { - "name" : "1022619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022619" - }, - { - "name" : "36046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36046" - }, - { - "name" : "ADV-2009-2082", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of 
AS numbers, aka Bug ID CSCsy86021." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090729 Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080aea4c9.shtml" + }, + { + "name": "oval:org.mitre.oval:def:6697", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6697" + }, + { + "name": "36046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36046" + }, + { + "name": "ADV-2009-2082", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2082" + }, + { + "name": "1022619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022619" + }, + { + "name": "35862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35862" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1318.json b/2009/1xxx/CVE-2009-1318.json index 554f6372655..4d91a1b6e89 100644 --- a/2009/1xxx/CVE-2009-1318.json +++ b/2009/1xxx/CVE-2009-1318.json 
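Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, which changes the record's attribution rather than its formatting, and it sits inside a rewrite that touches every line of the file. Anyone auditing this bulk commit for data changes would have to normalise whitespace and reference order before the change becomes visible. The CVE-2009-1537 hunk that begins further down makes the same kind of change (`"ASSIGNER": "secure@microsoft.com"`); its end is outside this view. I would land the `"ASSIGNER": "psirt@cisco.com"` line in a commit separate from the formatting pass, or at least list the reassigned CVE IDs in the commit message.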
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8423", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8423" - }, - { - "name" : "http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1470", - "refsource" : "CONFIRM", - "url" : "http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1470" - }, - { - "name" : "34511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34511" - }, - { - "name" : "jamroom-index-file-include(49869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8423", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8423" + }, + { + "name": "http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1470", + "refsource": "CONFIRM", + "url": "http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1470" + }, + { + "name": "34511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34511" + }, + { + "name": "jamroom-index-file-include(49869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49869" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1537.json b/2009/1xxx/CVE-2009-1537.json index 1b968833136..0bf0695c16d 100644 --- a/2009/1xxx/CVE-2009-1537.json +++ b/2009/1xxx/CVE-2009-1537.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka \"DirectX NULL Byte Overwrite Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://isc.sans.org/diary.html?storyid=6481", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=6481" - }, - { - "name" : "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx" - }, - { - "name" : 
"http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/971778.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/971778.mspx" - }, - { - "name" : "MS09-028", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028" - }, - { - "name" : "TA09-195A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" - }, - { - "name" : "35139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35139" - }, - { - "name" : "54797", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54797" - }, - { - "name" : "oval:org.mitre.oval:def:6237", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237" - }, - { - "name" : "1022299", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022299" - }, - { - "name" : "35268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35268" - }, - { - "name" : "ADV-2009-1445", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1445" - }, - { - "name" : "ADV-2009-1886", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in 
the wild in May 2009, aka \"DirectX NULL Byte Overwrite Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS09-028", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028" + }, + { + "name": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx" + }, + { + "name": "oval:org.mitre.oval:def:6237", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237" + }, + { + "name": "35268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35268" + }, + { + "name": "1022299", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022299" + }, + { + "name": "ADV-2009-1886", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1886" + }, + { + "name": "ADV-2009-1445", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1445" + }, + { + "name": "54797", + "refsource": "OSVDB", + "url": "http://osvdb.org/54797" + }, + { + "name": "35139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35139" + }, + { + "name": "TA09-195A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=6481", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=6481" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/971778.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/971778.mspx" + }, + { + "name": 
"http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1756.json b/2009/1xxx/CVE-2009-1756.json index be56445768b..82bc57403cc 100644 --- a/2009/1xxx/CVE-2009-1756.json +++ b/2009/1xxx/CVE-2009-1756.json 
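Review bot: The provenance change on the `"ASSIGNER"` line (`cve@mitre.org` to `secure@microsoft.com`) is hard to audit, because the same hunk rewrites every line for spacing and reorders the thirteen `reference_data` entries. The reference set itself appears unchanged, only shuffled. If the order carries no meaning, keeping the previous order (or a stable sort by `refsource`, then `name`) would reduce this hunk to whitespace plus the single line `"ASSIGNER": "secure@microsoft.com"`. The same pattern appears in the hunks for CVE-2012-0042, CVE-2012-0122, CVE-2012-0553, CVE-2012-2748, CVE-2012-2840 and CVE-2012-3378, each of which replaces `cve@mitre.org` with a different assigner address. Consumers that attribute or filter records by assigner would presumably want that change called out in the commit description rather than inferred from a formatting diff.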
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090518 CVE id request: slim", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/18/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306" - }, - { - "name" : "FEDORA-2009-13551", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00000.html" - }, - { - "name" : "FEDORA-2009-13552", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00009.html" - }, - { - "name" : "35015", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35015" - }, - { - "name" : "54583", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54583" - }, - { - "name" : "35132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35132" - }, - { - "name" : "38070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38070" - }, - { - "name" : "slim-xauthority-info-disclosure(50611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54583", + "refsource": "OSVDB", + "url": "http://osvdb.org/54583" + }, + { + "name": "slim-xauthority-info-disclosure(50611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50611" + }, + { + "name": "35015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35015" + }, + { + "name": "FEDORA-2009-13551", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00000.html" + }, + { + "name": "38070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38070" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306" + }, + { + "name": "FEDORA-2009-13552", + "refsource": "FEDORA", + "url": 
"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00009.html" + }, + { + "name": "[oss-security] 20090518 CVE id request: slim", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/18/2" + }, + { + "name": "35132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35132" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5093.json b/2009/5xxx/CVE-2009-5093.json index dd4ae00c31c..11bc06cbd45 100644 --- a/2009/5xxx/CVE-2009-5093.json +++ b/2009/5xxx/CVE-2009-5093.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8027", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8027" - }, - { - "name" : "33707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33707" - }, - { - "name" : "gastbuch-gastbuch-file-include(48644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in gastbuch.php in G\u00e4stebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33707" + }, + { + "name": "8027", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8027" + }, + { + "name": "gastbuch-gastbuch-file-include(48644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48644" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0042.json b/2012/0xxx/CVE-2012-0042.json index a0d99884a9c..8606dd98ebe 100644 --- a/2012/0xxx/CVE-2012-0042.json +++ b/2012/0xxx/CVE-2012-0042.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/11/7" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40194", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40194" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-02.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634", - "refsource" : "CONFIRM", - "url" : 
"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "RHSA-2013:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0125.html" - }, - { - "name" : "oval:org.mitre.oval:def:15368", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15368" - }, - { - "name" : "1026507", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026507" - }, - { - "name" : "48947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48947" - }, - { - "name" : "47494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47494" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-02.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-02.html" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "RHSA-2013:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0125.html" + }, + { + "name": "48947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48947" + }, + { + "name": "[oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/11/7" + }, + { + "name": "1026507", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026507" + }, + { + "name": "47494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47494" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40194", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40194" + }, + { + "name": "oval:org.mitre.oval:def:15368", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15368" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0122.json b/2012/0xxx/CVE-2012-0122.json index b9f45da53e6..20ee6c6b2c4 100644 --- a/2012/0xxx/CVE-2012-0122.json +++ b/2012/0xxx/CVE-2012-0122.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-0122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02746", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/521944" - }, - { - "name" : "SSRT100781", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/521944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100781", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/521944" + }, + { + "name": "HPSBMU02746", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/521944" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0553.json b/2012/0xxx/CVE-2012-0553.json index 50c2c80b16f..7bfeeb1f85d 100644 --- a/2012/0xxx/CVE-2012-0553.json +++ b/2012/0xxx/CVE-2012-0553.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html", - "refsource" : "MISC", - "url" : "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "52445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52445" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html", + "refsource": "MISC", + "url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow" + }, + { + "name": "52445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52445" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2748.json b/2012/2xxx/CVE-2012-2748.json index 6b2c9997657..2d2cf890cc2 100644 --- a/2012/2xxx/CVE-2012-2748.json +++ b/2012/2xxx/CVE-2012-2748.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to \"Inadequate filtering\" and a \"SQL error.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120619 Re: Joomla! 
Security News 2012-06-19", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/19/2" - }, - { - "name" : "http://developer.joomla.org/security/news/471-20120602-core-information-disclosure", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/471-20120602-core-information-disclosure" - }, - { - "name" : "http://www.joomla.org/announcements/release-news/5427-joomla-255-released.html", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/announcements/release-news/5427-joomla-255-released.html" - }, - { - "name" : "54073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54073" - }, - { - "name" : "83069", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83069" - }, - { - "name" : "49605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49605" - }, - { - "name" : "joomla-unspecified1-information-disclosure(76414)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to \"Inadequate filtering\" and a \"SQL error.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.joomla.org/announcements/release-news/5427-joomla-255-released.html", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/announcements/release-news/5427-joomla-255-released.html" + }, + { + "name": "49605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49605" + }, + { + "name": "[oss-security] 20120619 Re: Joomla! 
Security News 2012-06-19", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/19/2" + }, + { + "name": "83069", + "refsource": "OSVDB", + "url": "http://osvdb.org/83069" + }, + { + "name": "54073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54073" + }, + { + "name": "joomla-unspecified1-information-disclosure(76414)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76414" + }, + { + "name": "http://developer.joomla.org/security/news/471-20120602-core-information-disclosure", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/471-20120602-core-information-disclosure" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2840.json b/2012/2xxx/CVE-2012-2840.json index 0e8af53b789..f1ff9c33434 100644 --- a/2012/2xxx/CVE-2012-2840.json +++ b/2012/2xxx/CVE-2012-2840.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" - }, - { - "name" : "DSA-2559", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2559" - }, - { - "name" : "RHSA-2012:1255", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1255.html" - }, - { - "name" : "SUSE-SU-2012:0903", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" - }, - { - "name" : "USN-1513-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-1513-1" - }, - { - "name" : "54437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54437" - }, - { - "name" : "49988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54437" + }, + { + "name": "DSA-2559", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2559" + }, + { + "name": "SUSE-SU-2012:0903", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" + }, + { + "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" + }, + { + "name": "49988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49988" + }, + { + "name": "RHSA-2012:1255", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html" + }, + { + "name": "USN-1513-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1513-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3378.json b/2012/3xxx/CVE-2012-3378.json index 864ff4a9298..9c608900b40 100644 --- a/2012/3xxx/CVE-2012-3378.json +++ b/2012/3xxx/CVE-2012-3378.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/05/1" - }, - { - "name" : "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/06/3" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=678348", - "refsource" : 
"CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=678348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026" + }, + { + "name": "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=678348", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=678348" + }, + { + "name": "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/06/3" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3428.json b/2012/3xxx/CVE-2012-3428.json index 1b3cfa5a0ad..8b4ac1b47ae 100644 --- a/2012/3xxx/CVE-2012-3428.json +++ b/2012/3xxx/CVE-2012-3428.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.jboss.org/browse/JBPAPP-9584", - "refsource" : "MISC", - "url" : "https://issues.jboss.org/browse/JBPAPP-9584" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=843358", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=843358" - }, - { - "name" : "https://issues.jboss.org/browse/JBJCA-864", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/JBJCA-864" - }, - { - "name" : "https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522", - 
"refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522" - }, - { - "name" : "RHSA-2012:1591", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1591.html" - }, - { - "name" : "RHSA-2012:1592", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1592.html" - }, - { - "name" : "RHSA-2012:1594", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1594.html" - }, - { - "name" : "51607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.jboss.org/browse/JBPAPP-9584", + "refsource": "MISC", + "url": "https://issues.jboss.org/browse/JBPAPP-9584" + }, + { + "name": "RHSA-2012:1594", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" + }, + { + "name": "https://issues.jboss.org/browse/JBJCA-864", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/JBJCA-864" + }, + { + "name": "51607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51607" + }, + { + "name": "https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=843358", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843358" + }, + { + "name": "RHSA-2012:1592", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" + }, + { + "name": "RHSA-2012:1591", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3523.json b/2012/3xxx/CVE-2012-3523.json index 7850d2c5116..8b8b57fc049 100644 --- a/2012/3xxx/CVE-2012-3523.json +++ b/2012/3xxx/CVE-2012-3523.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDVSA-2012:156", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:156" - }, - { - "name" : "openSUSE-SU-2012:1171", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html" - }, - { - "name" : "50661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The STARTTLS implementation in nnrpd 
in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2012:156", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:156" + }, + { + "name": "50661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50661" + }, + { + "name": "openSUSE-SU-2012:1171", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3683.json b/2012/3xxx/CVE-2012-3683.json index d4ff4a2f009..942d897d15c 100644 --- a/2012/3xxx/CVE-2012-3683.json +++ b/2012/3xxx/CVE-2012-3683.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4247.json b/2012/4xxx/CVE-2012-4247.json index 7581709f32e..823af96dc5f 100644 --- a/2012/4xxx/CVE-2012-4247.json +++ b/2012/4xxx/CVE-2012-4247.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.httpcs.com/advisories", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisories" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs1", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs1" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs2", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs2" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs3", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs3" - }, - { - "name" : 
"https://www.httpcs.com/advisory/httpcs4", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs4" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs6", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs6" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs7", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs7" - }, - { - "name" : "http://www.phplist.com/?lid=579", - "refsource" : "CONFIRM", - "url" : "http://www.phplist.com/?lid=579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phplist.com/?lid=579", + "refsource": "CONFIRM", + "url": "http://www.phplist.com/?lid=579" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs1", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs1" + }, + { + "name": "https://www.httpcs.com/advisories", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisories" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs4", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs4" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs3", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs3" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs2", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs2" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs6", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs6" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs7", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs7" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4328.json b/2012/4xxx/CVE-2012-4328.json index 81cbe2a8c13..b271fad943c 100644 --- a/2012/4xxx/CVE-2012-4328.json +++ b/2012/4xxx/CVE-2012-4328.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vbulletin.com/forum/showthread.php/400162-vBulletin-3-x-MAPI-Plugin-1-4-3-released-with-security-patch-04-23-2012", - "refsource" : "CONFIRM", - "url" : "https://www.vbulletin.com/forum/showthread.php/400162-vBulletin-3-x-MAPI-Plugin-1-4-3-released-with-security-patch-04-23-2012" - }, - { - "name" : "https://www.vbulletin.com/forum/showthread.php/400164-vBulletin-Security-Patch-for-vBulletin-4-1-2-4-1-11-for-Suite-amp-Forum-04-23-2012", - "refsource" : "CONFIRM", - "url" : "https://www.vbulletin.com/forum/showthread.php/400164-vBulletin-Security-Patch-for-vBulletin-4-1-2-4-1-11-for-Suite-amp-Forum-04-23-2012" - }, - { - "name" : 
"https://www.vbulletin.com/forum/showthread.php/400165-vBulletin-Security-Patch-for-vBulletin-4-1-12-for-Suite-amp-Forum-04-23-2012", - "refsource" : "CONFIRM", - "url" : "https://www.vbulletin.com/forum/showthread.php/400165-vBulletin-Security-Patch-for-vBulletin-4-1-12-for-Suite-amp-Forum-04-23-2012" - }, - { - "name" : "53226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53226" - }, - { - "name" : "81474", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81474" - }, - { - "name" : "48917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48917" - }, - { - "name" : "vbulletin-mapi-unspecified(75160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vbulletin.com/forum/showthread.php/400165-vBulletin-Security-Patch-for-vBulletin-4-1-12-for-Suite-amp-Forum-04-23-2012", + "refsource": "CONFIRM", + "url": "https://www.vbulletin.com/forum/showthread.php/400165-vBulletin-Security-Patch-for-vBulletin-4-1-12-for-Suite-amp-Forum-04-23-2012" + }, + { + "name": "81474", + "refsource": "OSVDB", + "url": "http://osvdb.org/81474" + }, + { + "name": "https://www.vbulletin.com/forum/showthread.php/400164-vBulletin-Security-Patch-for-vBulletin-4-1-2-4-1-11-for-Suite-amp-Forum-04-23-2012", + "refsource": "CONFIRM", + "url": "https://www.vbulletin.com/forum/showthread.php/400164-vBulletin-Security-Patch-for-vBulletin-4-1-2-4-1-11-for-Suite-amp-Forum-04-23-2012" + }, + { + "name": "48917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48917" + }, + { + "name": "53226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53226" + }, + { + "name": "https://www.vbulletin.com/forum/showthread.php/400162-vBulletin-3-x-MAPI-Plugin-1-4-3-released-with-security-patch-04-23-2012", + "refsource": "CONFIRM", + "url": "https://www.vbulletin.com/forum/showthread.php/400162-vBulletin-3-x-MAPI-Plugin-1-4-3-released-with-security-patch-04-23-2012" + }, + { + "name": "vbulletin-mapi-unspecified(75160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75160" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4364.json b/2012/4xxx/CVE-2012-4364.json index 5a5d6991e0b..649983687c8 100644 --- a/2012/4xxx/CVE-2012-4364.json +++ b/2012/4xxx/CVE-2012-4364.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4364", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4364", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4896.json b/2012/4xxx/CVE-2012-4896.json index 0e80107bf1b..4d0602d2e19 100644 --- a/2012/4xxx/CVE-2012-4896.json +++ b/2012/4xxx/CVE-2012-4896.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://technet.microsoft.com/security/msvr/msvr12-014", - "refsource" : "MISC", - "url" : "http://technet.microsoft.com/security/msvr/msvr12-014" - }, - { - "name" : "http://code.google.com/p/sumatrapdf/source/browse/trunk/docs/releasenotes.txt", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/sumatrapdf/source/browse/trunk/docs/releasenotes.txt" - }, - { - "name" : "50656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a 
crafted PDF document, a different vulnerability than CVE-2012-4895." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50656" + }, + { + "name": "http://code.google.com/p/sumatrapdf/source/browse/trunk/docs/releasenotes.txt", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/sumatrapdf/source/browse/trunk/docs/releasenotes.txt" + }, + { + "name": "http://technet.microsoft.com/security/msvr/msvr12-014", + "refsource": "MISC", + "url": "http://technet.microsoft.com/security/msvr/msvr12-014" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6456.json b/2012/6xxx/CVE-2012-6456.json index 4ab19747eb7..44aabc5fe32 100644 --- a/2012/6xxx/CVE-2012-6456.json +++ b/2012/6xxx/CVE-2012-6456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2012/6xxx/CVE-2012-6556.json b/2012/6xxx/CVE-2012-6556.json index e2c84523933..041d9fab59d 100644 --- a/2012/6xxx/CVE-2012-6556.json +++ b/2012/6xxx/CVE-2012-6556.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18912", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18912" - }, - { - "name" : "http://www.henryhoggard.co.uk/security/197", - "refsource" : "MISC", - "url" : "http://www.henryhoggard.co.uk/security/197" - }, - { - "name" : "53637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53637" - }, - { - "name" : "49215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18912", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18912" + }, + { + "name": "53637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53637" + }, + { + "name": "http://www.henryhoggard.co.uk/security/197", + "refsource": "MISC", + "url": "http://www.henryhoggard.co.uk/security/197" + }, + { + "name": "49215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49215" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2155.json b/2017/2xxx/CVE-2017-2155.json index cefd290bc1e..260dcce1002 100644 --- a/2017/2xxx/CVE-2017-2155.json +++ b/2017/2xxx/CVE-2017-2155.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hoozin Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "Ver2" - } - ] - } - }, - { - "product_name" : "Hoozin Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "Ver3" - } - ] - } - }, - { - "product_name" : "Hoozin Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "Ver4.1.5.15 and earlier" - } - ] - } - }, - { - "product_name" : "Hoozin Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "Ver5.1.2.13 and earlier" - } - ] - } - }, - { - "product_name" : "Hoozin Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "Ver6.0.3.09 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "ICON CORPORATION" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hoozin Viewer", + "version": { + "version_data": [ + { + "version_value": "Ver2" + } + ] + } + }, + { + "product_name": "Hoozin Viewer", + "version": { + "version_data": [ + { + "version_value": "Ver3" + } + ] + } + }, + { + "product_name": "Hoozin Viewer", + "version": { + "version_data": [ + { + "version_value": "Ver4.1.5.15 and earlier" + } + ] + } + }, + { + "product_name": "Hoozin Viewer", + "version": { + "version_data": [ + { + "version_value": "Ver5.1.2.13 and earlier" + } + ] + } + }, + { + "product_name": "Hoozin Viewer", + "version": { + "version_data": [ + { + "version_value": "Ver6.0.3.09 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "ICON CORPORATION" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.icon-co.jp/news/20170420/index.html", - "refsource" : "MISC", - "url" : "http://www.icon-co.jp/news/20170420/index.html" - }, - { - "name" : "JVN#93931029", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN93931029/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.icon-co.jp/news/20170420/index.html", + "refsource": "MISC", + "url": "http://www.icon-co.jp/news/20170420/index.html" + }, + { + "name": "JVN#93931029", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN93931029/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2190.json b/2017/2xxx/CVE-2017-2190.json index 18be0fac6fb..dd005e4fed1 100644 --- a/2017/2xxx/CVE-2017-2190.json +++ b/2017/2xxx/CVE-2017-2190.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RW-4040 tool to verify execution environment for Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "version 1.2.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Sharp Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RW-4040 tool to verify execution environment for Windows 7", + "version": { + "version_data": [ + { + "version_value": "version 1.2.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Sharp Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#51274854", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN51274854/index.html" - }, - { - "name" : "99290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain 
privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99290" + }, + { + "name": "JVN#51274854", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN51274854/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2367.json b/2017/2xxx/CVE-2017-2367.json index 38cfda1f4b8..fa7a5c0e703 100644 --- a/2017/2xxx/CVE-2017-2367.json +++ b/2017/2xxx/CVE-2017-2367.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41801", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41801/" - }, - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "97130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97130" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "97130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97130" + }, + { + "name": "41801", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41801/" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2813.json b/2017/2xxx/CVE-2017-2813.json index c264bf8d123..b0a89f85668 100644 --- a/2017/2xxx/CVE-2017-2813.json +++ b/2017/2xxx/CVE-2017-2813.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Irfanview", - "version" : { - "version_data" : [ - { - "version_value" : "4.44" - } - ] - } - } - ] - }, - "vendor_name" : "Irfanview" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the image in via the application or by using thumbnailing feature of IrfanView." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "arbitrary code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Irfanview", + "version": { + "version_data": [ + { + "version_value": "4.44" + } + ] + } + } + ] + }, + "vendor_name": "Irfanview" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0310", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0310" - }, - { - "name" : "98046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable integer overflow 
vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the image in via the application or by using thumbnailing feature of IrfanView." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0310", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0310" + }, + { + "name": "98046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98046" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6411.json b/2017/6xxx/CVE-2017-6411.json index d8c10c1a30f..37be1bbb874 100644 --- a/2017/6xxx/CVE-2017-6411.json +++ b/2017/6xxx/CVE-2017-6411.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41478", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41478/" - }, - { - "name" : "96560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41478", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41478/" + }, + { + "name": "96560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96560" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6415.json b/2017/6xxx/CVE-2017-6415.json index e0c6368cb41..a4c42c47c4b 100644 --- a/2017/6xxx/CVE-2017-6415.json +++ b/2017/6xxx/CVE-2017-6415.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308" - }, - { - "name" : "https://github.com/radare/radare2/issues/6872", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/issues/6872" - }, - { - "name" : "96523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote 
attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96523" + }, + { + "name": "https://github.com/radare/radare2/issues/6872", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/issues/6872" + }, + { + "name": "https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6682.json b/2017/6xxx/CVE-2017-6682.json index 736b7f48c65..b6231fa9c30 100644 --- a/2017/6xxx/CVE-2017-6682.json +++ b/2017/6xxx/CVE-2017-6682.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Elastic Services Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Elastic Services Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary Command Execution Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Elastic Services Controller", + "version": { + "version_data": [ + { + "version_value": "Cisco Elastic Services Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1" - }, - { - "name" : "98951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A 
vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Command Execution Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98951" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6723.json b/2017/6xxx/CVE-2017-6723.json index 8d4bed10f37..7e9364b796c 100644 --- a/2017/6xxx/CVE-2017-6723.json +++ b/2017/6xxx/CVE-2017-6723.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6723",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6723",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7117.json b/2017/7xxx/CVE-2017-7117.json
index 1397650bf21..cfa4d83ec0c 100644
--- a/2017/7xxx/CVE-2017-7117.json
+++ b/2017/7xxx/CVE-2017-7117.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42955", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42955/" - }, - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT208116" - }, - { - "name" : "https://support.apple.com/HT208141", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208141" - }, - { - "name" : "https://support.apple.com/HT208142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208142" - }, - { - "name" : "101006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101006" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - }, - { - "name" : "1039428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208141" + }, + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "42955", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42955/" + }, + { + "name": "https://support.apple.com/HT208142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208142" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "101006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101006" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "1039428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039428" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11398.json b/2018/11xxx/CVE-2018-11398.json index 5e835488655..a42aaeb1fa9 100644 --- a/2018/11xxx/CVE-2018-11398.json +++ b/2018/11xxx/CVE-2018-11398.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11398",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11398",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11473.json b/2018/11xxx/CVE-2018-11473.json
index 4e0b594384b..efa6659e8a9 100644
--- a/2018/11xxx/CVE-2018-11473.json
+++ b/2018/11xxx/CVE-2018-11473.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/monstra-cms/monstra/issues/446", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/446" - }, - { - "name" : "https://github.com/nikhil1232/Monstra-CMS-3.0.4-XSS-ON-Registration-Page", - "refsource" : "MISC", - "url" : "https://github.com/nikhil1232/Monstra-CMS-3.0.4-XSS-ON-Registration-Page" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration)." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/monstra-cms/monstra/issues/446",
+ "refsource": "MISC",
+ "url": "https://github.com/monstra-cms/monstra/issues/446"
+ },
+ {
+ "name": "https://github.com/nikhil1232/Monstra-CMS-3.0.4-XSS-ON-Registration-Page",
+ "refsource": "MISC",
+ "url": "https://github.com/nikhil1232/Monstra-CMS-3.0.4-XSS-ON-Registration-Page"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14313.json b/2018/14xxx/CVE-2018-14313.json
index 5503284d43c..195ad40e9b6 100644
--- a/2018/14xxx/CVE-2018-14313.json
+++ b/2018/14xxx/CVE-2018-14313.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6362." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-773", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-773" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6362." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-18-773",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-18-773"
+ },
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14496.json b/2018/14xxx/CVE-2018-14496.json
index 71ac73210f4..2a761f7c570 100644
--- a/2018/14xxx/CVE-2018-14496.json
+++ b/2018/14xxx/CVE-2018-14496.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14496",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14496",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14604.json b/2018/14xxx/CVE-2018-14604.json
index 8b39f94b588..99368f379c8 100644
--- a/2018/14xxx/CVE-2018-14604.json
+++ b/2018/14xxx/CVE-2018-14604.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/", - "refsource" : "MISC", - "url" : "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/",
+ "refsource": "MISC",
+ "url": "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14900.json b/2018/14xxx/CVE-2018-14900.json
index e88ea5945c0..c9f66dfb026 100644
--- a/2018/14xxx/CVE-2018-14900.json
+++ b/2018/14xxx/CVE-2018-14900.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities/",
+ "refsource": "MISC",
+ "url": "https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15061.json b/2018/15xxx/CVE-2018-15061.json
index 0601c1ab152..2c96cacd700 100644
--- a/2018/15xxx/CVE-2018-15061.json
+++ b/2018/15xxx/CVE-2018-15061.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15061",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15061",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15281.json b/2018/15xxx/CVE-2018-15281.json
index 5203f576052..983821fa199 100644
--- a/2018/15xxx/CVE-2018-15281.json
+++ b/2018/15xxx/CVE-2018-15281.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15281",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15281",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15414.json b/2018/15xxx/CVE-2018-15414.json
index 58c2c5474cc..6dac411375a 100644
--- a/2018/15xxx/CVE-2018-15414.json
+++ b/2018/15xxx/CVE-2018-15414.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-19T16:00:00-0500", - "ID" : "CVE-2018-15414", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx ARF Player ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "7.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-19T16:00:00-0500", + "ID": "CVE-2018-15414", + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx ARF Player ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180919 Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex" - }, - { - "name" : "105374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105374" - }, - { - "name" : "1041689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041689" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180919-webex", - "defect" : [ - [ - "CSCvj63665", - "CSCvj63672", - "CSCvj63676", - "CSCvj63717", - "CSCvj63724", - "CSCvj63729", - "CSCvj67334", - "CSCvj67339", - "CSCvj67344" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. 
An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041689" + }, + { + "name": "20180919 Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex" + }, + { + "name": "105374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105374" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180919-webex", + "defect": [ + [ + "CSCvj63665", + "CSCvj63672", + "CSCvj63676", + "CSCvj63717", + "CSCvj63724", + "CSCvj63729", + "CSCvj67334", + "CSCvj67339", + "CSCvj67344" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15820.json b/2018/15xxx/CVE-2018-15820.json index f09ad138886..7806ecd73c8 100644 --- a/2018/15xxx/CVE-2018-15820.json +++ b/2018/15xxx/CVE-2018-15820.json 
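Review bot: The new `product_name` line still ends in a trailing space (`"Cisco WebEx ARF Player "`), so exact-match joins against an asset or SBOM inventory will miss this record; since the whole record is rewritten here it could become `"product_name": "Cisco WebEx ARF Player"`. `baseScore` also stays the string `"7.8"` rather than a number, so any consumer that filters on a severity threshold has to coerce it first; whether that is acceptable depends on the schema the feed's consumers validate against, which is not visible here. The description's "The vulnerability exist" is carried over unchanged as well.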
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15820",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15820",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20070.json b/2018/20xxx/CVE-2018-20070.json
index 714e0ed10a0..c11e2fd928a 100644
--- a/2018/20xxx/CVE-2018-20070.json
+++ b/2018/20xxx/CVE-2018-20070.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-20070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-20070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/895885", - "refsource" : "MISC", - "url" : "https://crbug.com/895885" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 
allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/895885", + "refsource": "MISC", + "url": "https://crbug.com/895885" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20259.json b/2018/20xxx/CVE-2018-20259.json index 8bf55fc0902..0cefc9b79da 100644 --- a/2018/20xxx/CVE-2018-20259.json +++ b/2018/20xxx/CVE-2018-20259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
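Review bot: A content change is hidden inside the formatting pass for CVE-2018-20070: `ASSIGNER` goes from `chrome-cve-admin@google.com` to `security@google.com`, while every other line of that hunk only changes indentation and colon spacing, plus the order of the two references. Tooling that attributes records to their assigner by this field will see the record change owner with nothing in the diff to signal it. The commit message is not visible here; if it does not mention the reassignment, the change belongs in its own commit or should be called out explicitly, so that a whitespace-insensitive diff of the rest stays empty.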
diff --git a/2018/20xxx/CVE-2018-20364.json b/2018/20xxx/CVE-2018-20364.json
index eeeae1cc1e2..78bb0a22465 100644
--- a/2018/20xxx/CVE-2018-20364.json
+++ b/2018/20xxx/CVE-2018-20364.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibRaw/LibRaw/issues/194", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/issues/194" - }, - { - "name" : "106299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/LibRaw/LibRaw/issues/194",
+ "refsource": "MISC",
+ "url": "https://github.com/LibRaw/LibRaw/issues/194"
+ },
+ {
+ "name": "106299",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106299"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20681.json b/2018/20xxx/CVE-2018-20681.json
index 83a39ccb1c1..60e2a67fe21 100644
--- a/2018/20xxx/CVE-2018-20681.json
+++ b/2018/20xxx/CVE-2018-20681.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mate-desktop/mate-screensaver/issues/152", - "refsource" : "MISC", - "url" : "https://github.com/mate-desktop/mate-screensaver/issues/152" - }, - { - "name" : "https://github.com/mate-desktop/mate-screensaver/issues/155", - "refsource" : "MISC", - "url" : "https://github.com/mate-desktop/mate-screensaver/issues/155" - }, - { - "name" : "https://github.com/mate-desktop/mate-screensaver/issues/170", - "refsource" : "MISC", - "url" : 
"https://github.com/mate-desktop/mate-screensaver/issues/170" - }, - { - "name" : "https://github.com/mate-desktop/mate-screensaver/pull/167", - "refsource" : "MISC", - "url" : "https://github.com/mate-desktop/mate-screensaver/pull/167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mate-desktop/mate-screensaver/pull/167", + "refsource": "MISC", + "url": "https://github.com/mate-desktop/mate-screensaver/pull/167" + }, + { + "name": "https://github.com/mate-desktop/mate-screensaver/issues/170", + "refsource": "MISC", + "url": "https://github.com/mate-desktop/mate-screensaver/issues/170" + }, + { + "name": "https://github.com/mate-desktop/mate-screensaver/issues/152", + "refsource": "MISC", + "url": "https://github.com/mate-desktop/mate-screensaver/issues/152" + }, + { + "name": "https://github.com/mate-desktop/mate-screensaver/issues/155", + "refsource": "MISC", + "url": "https://github.com/mate-desktop/mate-screensaver/issues/155" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20724.json b/2018/20xxx/CVE-2018-20724.json index 7a07a05da04..a7b2a77a7fb 100644 --- a/2018/20xxx/CVE-2018-20724.json +++ b/2018/20xxx/CVE-2018-20724.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Cacti/cacti/blob/develop/CHANGELOG", - "refsource" : "MISC", - "url" : "https://github.com/Cacti/cacti/blob/develop/CHANGELOG" - }, - { - "name" : "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53", - "refsource" : "MISC", - "url" : "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53" - }, - { - "name" : "https://github.com/Cacti/cacti/issues/2212", - "refsource" : "MISC", - "url" : "https://github.com/Cacti/cacti/issues/2212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting (XSS) vulnerability exists in pollers.php 
in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Cacti/cacti/issues/2212", + "refsource": "MISC", + "url": "https://github.com/Cacti/cacti/issues/2212" + }, + { + "name": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG", + "refsource": "MISC", + "url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG" + }, + { + "name": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53", + "refsource": "MISC", + "url": "https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9522.json b/2018/9xxx/CVE-2018-9522.json index 4ef5bba2d91..a5d63deebcd 100644 --- a/2018/9xxx/CVE-2018-9522.json +++ b/2018/9xxx/CVE-2018-9522.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - }, - { - "name" : "105848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105848" + }, + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file
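Review bot: The `ASSIGNER` value changes from `security@google.com` to `security@android.com` in this hunk, while every other line differs only in whitespace (`"ID" : ` becoming `"ID": `) or in the order of the `reference_data` entries. A data change carried inside a bulk reformat is easy to miss in review and hard to attribute later, which matters for a record that downstream tooling may treat as authoritative. I would keep `"ASSIGNER": "security@google.com"` in the formatting pass and make the address change in its own commit with a stated reason, assuming the change is intentional. The new side also ends with `\ No newline at end of file`, as do the CVE-2018-20681 and CVE-2018-20724 hunks, whereas the old side appears to have ended with a newline, so the trailing newline should be restored.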