diff --git a/2002/0xxx/CVE-2002-0082.json b/2002/0xxx/CVE-2002-0082.json
index 31bb0704bd5..f0ca57bb756 100644
--- a/2002/0xxx/CVE-2002-0082.json
+++ b/2002/0xxx/CVE-2002-0082.json
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020227 mod_ssl Buffer Overflow Condition (Update Available)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/258646" - }, - { - "name" : "20020301 Apache-SSL buffer overflow (fix available)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101518491916936&w=2" - }, - { - "name" : "20020304 Apache-SSL 1.3.22+1.47 - update to security fix", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101528358424306&w=2" - }, - { - "name" : 
"http://www.apacheweek.com/issues/02-03-01#security", - "refsource" : "CONFIRM", - "url" : "http://www.apacheweek.com/issues/02-03-01#security" - }, - { - "name" : "ESA-20020301-005", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/other_advisory-1923.html" - }, - { - "name" : "CLA-2002:465", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465" - }, - { - "name" : "MDKSA-2002:020", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php" - }, - { - "name" : "RHSA-2002:041", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-041.html" - }, - { - "name" : "RHSA-2002:042", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-042.html" - }, - { - "name" : "RHSA-2002:045", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-045.html" - }, - { - "name" : "DSA-120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-120" - }, - { - "name" : "HPSBTL0203-031", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/3965" - }, - { - "name" : "HPSBUX0204-190", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/4008" - }, - { - "name" : "CSSA-2002-011.0", - "refsource" : "CALDERA", - "url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt" - }, - { - "name" : "SSRT0817", - "refsource" : "COMPAQ", - "url" : "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml" - }, - { - "name" : "4189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4189" - }, - { - "name" : "apache-modssl-bo(8308)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8308.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-2002-011.0", + "refsource": "CALDERA", + "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt" + }, + { + "name": "4189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4189" + }, + { + "name": "RHSA-2002:045", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-045.html" + }, + { + "name": "HPSBUX0204-190", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/4008" + }, + { + "name": "20020301 Apache-SSL buffer overflow (fix available)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101518491916936&w=2" + }, + { + "name": "20020227 mod_ssl Buffer Overflow Condition (Update Available)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/258646" + }, + { + "name": "MDKSA-2002:020", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php" + }, + { + "name": "ESA-20020301-005", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/other_advisory-1923.html" + }, + { + "name": "20020304 Apache-SSL 1.3.22+1.47 - update to security fix", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101528358424306&w=2" + }, + { + "name": "RHSA-2002:042", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-042.html" + }, + { + "name": 
"apache-modssl-bo(8308)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8308.php" + }, + { + "name": "RHSA-2002:041", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-041.html" + }, + { + "name": "http://www.apacheweek.com/issues/02-03-01#security", + "refsource": "CONFIRM", + "url": "http://www.apacheweek.com/issues/02-03-01#security" + }, + { + "name": "SSRT0817", + "refsource": "COMPAQ", + "url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml" + }, + { + "name": "CLA-2002:465", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465" + }, + { + "name": "HPSBTL0203-031", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/3965" + }, + { + "name": "DSA-120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-120" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0400.json b/2002/0xxx/CVE-2002-0400.json index 379328cd5a5..ec072e3fc56 100644 --- a/2002/0xxx/CVE-2002-0400.json +++ b/2002/0xxx/CVE-2002-0400.json 
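Review bot: The new side of each file visible here ends with `\ No newline at end of file` where the old side ended with a newline, and the `reference_data` entries are reordered in what looks like no stable order (in CVE-2002-0082 the three BUGTRAQ entries move from the top of the list to scattered positions). Everything else visible is a whitespace change around `:` and indentation, so the reordering makes it hard to confirm by eye that no reference was dropped or altered; the 17 entries of this record do match on both sides. Consider writing the records with a terminating newline and a deterministic reference order (for example sorted by `refsource`, then `name`) so that later diffs show only real content changes. The same applies to the CVE-2002-0400, CVE-2002-0423, CVE-2002-0556, CVE-2002-2133, CVE-2005-1025 and CVE-2005-1100 hunks; the two REJECT records (CVE-2002-1261, CVE-2002-1297) instead have their top-level keys reordered.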
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.isc.org/index.pl?/sw/bind/bind-security.php", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/index.pl?/sw/bind/bind-security.php" - }, - { - "name" : "CA-2002-15", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-15.html" - }, - { - "name" : "VU#739123", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/739123" - }, - { - "name" : "CSSA-2002-SCO.24", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt" - }, - { - "name" : "CLA-2002:494", - "refsource" : "CONECTIVA", - "url" : 
"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494" - }, - { - "name" : "HPSBUX0207-202", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2002-q3/0022.html" - }, - { - "name" : "MDKSA-2002:038", - "refsource" : "MANDRAKE", - "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038" - }, - { - "name" : "RHSA-2002:105", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-105.html" - }, - { - "name" : "RHSA-2002:119", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-119.html" - }, - { - "name" : "RHSA-2003:154", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-154.html" - }, - { - "name" : "SuSE-SA:2002:021", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_21_bind9.html" - }, - { - "name" : "4936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4936" - }, - { - "name" : "bind-findtype-dos(9250)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9250.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php", + "refsource": "CONFIRM", + "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php" + }, + { + "name": "CLA-2002:494", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494" + }, + { + "name": "RHSA-2002:119", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-119.html" + }, + { + "name": "MDKSA-2002:038", + "refsource": "MANDRAKE", + "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038" + }, + { + "name": "4936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4936" + }, + { + "name": "RHSA-2002:105", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-105.html" + }, + { + "name": "CA-2002-15", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-15.html" + }, + { + "name": "RHSA-2003:154", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-154.html" + }, + { + "name": "VU#739123", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/739123" + }, + { + "name": "HPSBUX0207-202", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2002-q3/0022.html" + }, + { + "name": "CSSA-2002-SCO.24", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt" + }, + { + "name": "bind-findtype-dos(9250)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9250.php" + }, + { + "name": "SuSE-SA:2002:021", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_21_bind9.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2002/0xxx/CVE-2002-0423.json b/2002/0xxx/CVE-2002-0423.json
index 7c64c7d338e..109e76c1460 100644
--- a/2002/0xxx/CVE-2002-0423.json
+++ b/2002/0xxx/CVE-2002-0423.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020306 efingerd remote buffer overflow and a dangerous feature", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html" - }, - { - "name" : "http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz" - }, - { - "name" : "4239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4239" - }, - { - "name" : "efingerd-reverse-lookup-bo(8380)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8380.php" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4239" + }, + { + "name": "http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz", + "refsource": "CONFIRM", + "url": "http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz" + }, + { + "name": "efingerd-reverse-lookup-bo(8380)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8380.php" + }, + { + "name": "20020306 efingerd remote buffer overflow and a dangerous feature", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0556.json b/2002/0xxx/CVE-2002-0556.json index 00e227aaf1c..fddc8132e45 100644 --- a/2002/0xxx/CVE-2002-0556.json +++ b/2002/0xxx/CVE-2002-0556.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020403 Quik-Serv Web Server v1.1B Arbitrary File Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0051.html" - }, - { - "name" : "4425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4425" - }, - { - "name" : "quikserv-dot-directory-traversal(8754)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8754.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020403 Quik-Serv Web Server v1.1B Arbitrary File Disclosure", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0051.html" + }, + { + "name": "quikserv-dot-directory-traversal(8754)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8754.php" + }, + { + "name": "4425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4425" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1261.json b/2002/1xxx/CVE-2002-1261.json index 6530e019a63..c214f64e46b 100644 --- a/2002/1xxx/CVE-2002-1261.json +++ b/2002/1xxx/CVE-2002-1261.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1261", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1292. Reason: This candidate is a reservation duplicate of CVE-2002-1292. Notes: All CVE users should reference CVE-2002-1292 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-1261", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1292. Reason: This candidate is a reservation duplicate of CVE-2002-1292. Notes: All CVE users should reference CVE-2002-1292 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1297.json b/2002/1xxx/CVE-2002-1297.json index d90e1ffd07d..fb517dd841b 100644 --- a/2002/1xxx/CVE-2002-1297.json +++ b/2002/1xxx/CVE-2002-1297.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1297", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-1297", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2133.json b/2002/2xxx/CVE-2002-2133.json index 4363fe0f6b6..6024fd91712 100644 --- a/2002/2xxx/CVE-2002-2133.json +++ b/2002/2xxx/CVE-2002-2133.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021228 Telindus 112x ADSL Router - Weak Password Encryption", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0262.html" - }, - { - "name" : "20030223 Weak Encryption Scheme in Telindus 112x", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0277.html" - }, - { - "name" : "6919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6919" - }, - { - "name" : "4762", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4762" - }, - { - "name" : "telindus-adsl-weak-encryption(10951)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10951.php" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "telindus-adsl-weak-encryption(10951)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10951.php" + }, + { + "name": "20030223 Weak Encryption Scheme in Telindus 112x", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0277.html" + }, + { + "name": "4762", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4762" + }, + { + "name": "20021228 Telindus 112x ADSL Router - Weak Password Encryption", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0262.html" + }, + { + "name": "6919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6919" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1025.json b/2005/1xxx/CVE-2005-1025.json index 68755558d61..fa875f4b4b6 100644 --- a/2005/1xxx/CVE-2005-1025.json +++ b/2005/1xxx/CVE-2005-1025.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050404 Disclosure of AS/400 user accounts via the FTP server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111264136829017&w=2" - }, - { - "name" : "http://www.venera.com/downloads/AS400_user_accounts_ftp_disclosure.pdf", - "refsource" : "MISC", - "url" : "http://www.venera.com/downloads/AS400_user_accounts_ftp_disclosure.pdf" - }, - { - "name" : "15300", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain 
sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15300", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15300" + }, + { + "name": "http://www.venera.com/downloads/AS400_user_accounts_ftp_disclosure.pdf", + "refsource": "MISC", + "url": "http://www.venera.com/downloads/AS400_user_accounts_ftp_disclosure.pdf" + }, + { + "name": "20050404 Disclosure of AS/400 user accounts via the FTP server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111264136829017&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1100.json b/2005/1xxx/CVE-2005-1100.json index 770801e265b..479eebe65ec 100644 --- a/2005/1xxx/CVE-2005-1100.json +++ b/2005/1xxx/CVE-2005-1100.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050412 GLD (Greylisting daemon for Postfix) multiple vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111339935903880&w=2" - }, - { - "name" : "GLSA-200504-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200504-10.xml" - }, - { - "name" : "15493", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15493" - }, - { - "name" : "1013678", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2005/Apr/1013678.html" - }, - { - "name" : "14941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14941" - }, - { - "name" : "gld-cnfc-format-string(20067)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/20067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15493", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15493" + }, + { + "name": "1013678", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2005/Apr/1013678.html" + }, + { + "name": "GLSA-200504-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200504-10.xml" + }, + { + "name": "14941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14941" + }, + { + "name": "20050412 GLD (Greylisting daemon for Postfix) multiple vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111339935903880&w=2" + }, + { + "name": "gld-cnfc-format-string(20067)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20067" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1583.json b/2005/1xxx/CVE-2005-1583.json index aac143a50ad..fcd171ef4ef 100644 --- a/2005/1xxx/CVE-2005-1583.json +++ b/2005/1xxx/CVE-2005-1583.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1013960", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013960", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013960" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1718.json b/2005/1xxx/CVE-2005-1718.json index 0b1dac50b83..1bf86aaf410 100644 --- a/2005/1xxx/CVE-2005-1718.json +++ b/2005/1xxx/CVE-2005-1718.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/wartimesboom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/wartimesboom-adv.txt" - }, - { - "name" : "16619", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16619" - }, - { - "name" : "1013981", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013981" - }, - { - "name" : "15363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/wartimesboom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/wartimesboom-adv.txt" + }, + { + "name": "15363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15363" + }, + { + "name": "1013981", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013981" + }, + { + "name": "16619", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16619" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1742.json b/2005/1xxx/CVE-2005-1742.json index 90d5dcb8088..e327c343346 100644 --- a/2005/1xxx/CVE-2005-1742.json +++ b/2005/1xxx/CVE-2005-1742.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to \"shrink or reset JDBC connection pools.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-75.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/125" - }, - { - "name" : "13717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13717" - }, - { - "name" : "ADV-2005-0602", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0602" - }, - { - "name" : "1014049", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014049" - }, - { - "name" : "15486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the 
Monitor security role to \"shrink or reset JDBC connection pools.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15486" + }, + { + "name": "ADV-2005-0602", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0602" + }, + { + "name": "1014049", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014049" + }, + { + "name": "BEA05-75.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/125" + }, + { + "name": "13717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13717" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1886.json b/2005/1xxx/CVE-2005-1886.json index 850190db533..c5030fdcb32 100644 --- a/2005/1xxx/CVE-2005-1886.json +++ b/2005/1xxx/CVE-2005-1886.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secwatch.org/advisories/secwatch/20050530_yapig.txt", - "refsource" : "MISC", - "url" : "http://secwatch.org/advisories/secwatch/20050530_yapig.txt" - }, - { - "name" : "13875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13875" - }, - { - "name" : "13876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13876" - }, - { - "name" : "17118", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17118" - }, - { - "name" : "15600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15600/" - }, - { - "name" : "1014103", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014103" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15600/" + }, + { + "name": "13876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13876" + }, + { + "name": "13875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13875" + }, + { + "name": "http://secwatch.org/advisories/secwatch/20050530_yapig.txt", + "refsource": "MISC", + "url": "http://secwatch.org/advisories/secwatch/20050530_yapig.txt" + }, + { + "name": "1014103", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014103" + }, + { + "name": "17118", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17118" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0788.json b/2009/0xxx/CVE-2009-0788.json index 275eba4ce9e..cffb35d8507 100644 --- a/2009/0xxx/CVE-2009-0788.json +++ b/2009/0xxx/CVE-2009-0788.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=491365", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=491365" - }, - { - "name" : "RHSA-2011:0434", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0434.html" - }, - { - "name" : "47316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47316" - }, - { - "name" : "1025316", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025316" - }, - { - "name" : "44150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44150" - }, - { - "name" : 
"ADV-2011-0967", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0967" - }, - { - "name" : "rhnss-url-security-bypass(66691)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44150" + }, + { + "name": "RHSA-2011:0434", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0434.html" + }, + { + "name": "rhnss-url-security-bypass(66691)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66691" + }, + { + "name": "1025316", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025316" + }, + { + "name": "47316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47316" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=491365", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491365" + }, + { + "name": "ADV-2011-0967", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0967" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1300.json b/2009/1xxx/CVE-2009-1300.json index 2f7ba244719..ddd43e90a52 100644 --- a/2009/1xxx/CVE-2009-1300.json +++ b/2009/1xxx/CVE-2009-1300.json 
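Review bot: The `ASSIGNER` value in CVE-2009-0788.json changes from `cve@mitre.org` to `secalert@redhat.com`, and it is the only semantic edit in this hunk. The rest is key-spacing and indentation changes plus a reordering of the same seven `reference_data` entries. Anything that attributes or filters records by assigning CNA will see this record move, so the change is worth calling out on its own rather than leaving it inside a bulk reformat where it is easy to miss. The new side also ends with `\ No newline at end of file`, as do the other files in this diff. If these records are produced by a tool, having it write a trailing newline would keep that marker out of later diffs.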
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "apt 0.7.20 does not check when the date command returns an \"invalid date\" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090408 CVE request: apt", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/04/08/11" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793" - }, - { - "name" : "DSA-1779", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1779" - }, - { - "name" : "USN-762-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/762-1/" - }, - { - "name" : "34829", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34829" - }, - { - "name" : "34832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34832" - }, - { - "name" : "34874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "apt 0.7.20 does not check when the date command returns an \"invalid date\" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34874" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793" + }, + { + "name": "DSA-1779", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1779" + }, + { + "name": "34829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34829" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213" + }, + { + "name": "[oss-security] 20090408 CVE request: apt", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/04/08/11" + }, + { + "name": "34832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34832" + }, + { + "name": "USN-762-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/762-1/" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1473.json b/2009/1xxx/CVE-2009-1473.json index 55488c20378..88f2b58544c 100644 
--- a/2009/1xxx/CVE-2009-1473.json +++ b/2009/1xxx/CVE-2009-1473.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified \"client-side calculations.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090526 Multiple vulnerabilities in several ATEN IP KVM Switches", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503827/100/0/threaded" - }, - { - "name" : "35108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35108" - }, - { - "name" : "35241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35241" - }, - { - "name" : "aten-kvm-client-weak-security(50849)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/50849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified \"client-side calculations.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35241" + }, + { + "name": "35108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35108" + }, + { + "name": "20090526 Multiple vulnerabilities in several ATEN IP KVM Switches", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded" + }, + { + "name": "aten-kvm-client-weak-security(50849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50849" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1612.json b/2009/1xxx/CVE-2009-1612.json index 6c7bfbf986c..01bed4f45a7 100644 --- a/2009/1xxx/CVE-2009-1612.json +++ b/2009/1xxx/CVE-2009-1612.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8579", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8579" - }, - { - "name" : "http://www.cisrt.org/enblog/read.php?245", - "refsource" : "MISC", - "url" : "http://www.cisrt.org/enblog/read.php?245" - }, - { - "name" : "34789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34789" - }, - { - "name" : "34944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8579", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8579" + }, + { + "name": "34789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34789" + }, + { + "name": "34944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34944" + }, + { + "name": "http://www.cisrt.org/enblog/read.php?245", + "refsource": "MISC", + "url": "http://www.cisrt.org/enblog/read.php?245" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1622.json b/2009/1xxx/CVE-2009-1622.json index 506cd97c349..8788c62c3fa 100644 --- a/2009/1xxx/CVE-2009-1622.json +++ b/2009/1xxx/CVE-2009-1622.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8548", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8548" - }, - { - "name" : "34733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8548", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8548" + }, + { + "name": "34733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34733" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1779.json b/2009/1xxx/CVE-2009-1779.json index b59d6966aec..976ceb0b9d0 100644 --- a/2009/1xxx/CVE-2009-1779.json +++ b/2009/1xxx/CVE-2009-1779.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8658", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8658" - }, - { - "name" : "34909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34909" - }, - { - "name" : "ADV-2009-1287", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1287", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1287" + }, + { + "name": "34909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34909" + }, + { + "name": "8658", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8658" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5111.json b/2009/5xxx/CVE-2009-5111.json index 9e9bbfec5f2..72363e7a66f 100644 --- a/2009/5xxx/CVE-2009-5111.json +++ b/2009/5xxx/CVE-2009-5111.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ha.ckers.org/slowloris/", - "refsource" : "MISC", - "url" : "http://ha.ckers.org/slowloris/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ha.ckers.org/slowloris/", + "refsource": "MISC", + "url": "http://ha.ckers.org/slowloris/" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/0xxx/CVE-2012-0110.json b/2012/0xxx/CVE-2012-0110.json
index 81aaf7c625c..f6664bd3aed 100644
--- a/2012/0xxx/CVE-2012-0110.json
+++ b/2012/0xxx/CVE-2012-0110.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "51452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 
the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + }, + { + "name": "51452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51452" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0664.json b/2012/0xxx/CVE-2012-0664.json index 2240cca24f8..f2852cb9aa8 100644 --- a/2012/0xxx/CVE-2012-0664.json +++ b/2012/0xxx/CVE-2012-0664.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5261", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5261" - }, - { - "name" : "APPLE-SA-2012-05-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html" - }, - { - "name" : "53574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53574" - }, - { - "name" : "oval:org.mitre.oval:def:16148", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16148" - }, - { - "name" : "1027065", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027065" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027065", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027065" + }, + { + "name": "oval:org.mitre.oval:def:16148", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16148" + }, + { + "name": "http://support.apple.com/kb/HT5261", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5261" + }, + { + "name": "53574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53574" + }, + { + "name": "APPLE-SA-2012-05-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0989.json b/2012/0xxx/CVE-2012-0989.json index 21ae55537e3..8c198c9cd84 100644 --- a/2012/0xxx/CVE-2012-0989.json +++ b/2012/0xxx/CVE-2012-0989.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120118 XSS in OneOrZero AIMS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0117.html" - }, - { - "name" : "https://www.htbridge.ch/advisory/xss_in_oneorzero_aims.html", - "refsource" : "MISC", - "url" : "https://www.htbridge.ch/advisory/xss_in_oneorzero_aims.html" - }, - { - "name" : "51549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51549" - }, - { - "name" : "oneorzeroaims-index-xss(72456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.ch/advisory/xss_in_oneorzero_aims.html", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/xss_in_oneorzero_aims.html" + }, + { + "name": "oneorzeroaims-index-xss(72456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72456" + }, + { + "name": "51549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51549" + }, + { + "name": "20120118 XSS in OneOrZero AIMS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0117.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2075.json b/2012/2xxx/CVE-2012-2075.json index eb0395478eb..8599ed2b607 100644 --- a/2012/2xxx/CVE-2012-2075.json +++ b/2012/2xxx/CVE-2012-2075.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1506438", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1506438" - }, - { - "name" : "http://drupal.org/node/953788", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/953788" - }, - { - "name" : "http://drupalcode.org/project/contact_save.git/commit/0654894", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/contact_save.git/commit/0654894" - }, - { - "name" : "52787", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/52787" - }, - { - "name" : "80669", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80669" - }, - { - "name" : "48619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48619" - }, - { - "name" : "drupal-contactsave-unspecified-xss(74515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1506438", + "refsource": "MISC", + "url": "http://drupal.org/node/1506438" + }, + { + "name": "48619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48619" + }, + { + "name": "80669", + "refsource": "OSVDB", + "url": "http://osvdb.org/80669" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "http://drupal.org/node/953788", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/953788" + }, + { + "name": "52787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52787" + }, + { + "name": "drupal-contactsave-unspecified-xss(74515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74515" + }, + { + "name": "http://drupalcode.org/project/contact_save.git/commit/0654894", + "refsource": "CONFIRM", + 
"url": "http://drupalcode.org/project/contact_save.git/commit/0654894" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2159.json b/2012/2xxx/CVE-2012-2159.json index 578114071eb..dcae745ba99 100644 --- a/2012/2xxx/CVE-2012-2159.json +++ b/2012/2xxx/CVE-2012-2159.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21596690", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21596690" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21598423", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21598423" - }, - { - "name" : "iehs-multiple-open-redirect(74832)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21598423", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21598423" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21596690", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21596690" + }, + { + "name": "iehs-multiple-open-redirect(74832)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2857.json b/2012/2xxx/CVE-2012-2857.json index 4f707dc27b7..20cc49ed572 100644 --- a/2012/2xxx/CVE-2012-2857.json +++ b/2012/2xxx/CVE-2012-2857.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=136235", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=136235" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" - }, - { - "name" : "http://support.apple.com/kb/HT5642", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5642" - }, - { - "name" : "APPLE-SA-2013-01-28-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2013-03-14-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:15336", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=136235", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=136235" + }, + { + "name": "http://support.apple.com/kb/HT5642", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5642" + }, + { + "name": "oval:org.mitre.oval:def:15336", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15336" + }, + { + "name": "APPLE-SA-2013-03-14-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" + }, + { + "name": "APPLE-SA-2013-01-28-1", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3002.json b/2012/3xxx/CVE-2012-3002.json index 233e903203f..7ef2706baee 100644 --- a/2012/3xxx/CVE-2012-3002.json +++ b/2012/3xxx/CVE-2012-3002.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-3002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://foscam.us/forum/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html", - "refsource" : "MISC", - "url" : "http://foscam.us/forum/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html" - }, - { - "name" : "http://www.foscam.com/help.aspx?TypeId=11", - "refsource" : "MISC", - "url" : "http://www.foscam.com/help.aspx?TypeId=11" - }, - { - "name" : "VU#265532", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/265532" - }, - { - "name" : "55873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55873" - }, - { - "name" : "50950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50950" - }, - { - "name" : 
"50966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50966" + }, + { + "name": "http://foscam.us/forum/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html", + "refsource": "MISC", + "url": "http://foscam.us/forum/h264-ip-camera-web-interface-authentication-bypass-test-tool-t3252.html" + }, + { + "name": "VU#265532", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/265532" + }, + { + "name": "http://www.foscam.com/help.aspx?TypeId=11", + "refsource": "MISC", + "url": "http://www.foscam.com/help.aspx?TypeId=11" + }, + { + "name": "50950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50950" + }, + { + "name": "55873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55873" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3224.json b/2012/3xxx/CVE-2012-3224.json index 84d651dc627..508e545f2a2 100644 --- a/2012/3xxx/CVE-2012-3224.json +++ b/2012/3xxx/CVE-2012-3224.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "51019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51019" - }, - { - "name" : "flexcubedirectbanking-bse-info-disc(79361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "flexcubedirectbanking-bse-info-disc(79361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79361" + }, + { + "name": "51019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51019" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3467.json b/2012/3xxx/CVE-2012-3467.json index 128d509a5b1..81a97da99f3 100644 --- a/2012/3xxx/CVE-2012-3467.json +++ b/2012/3xxx/CVE-2012-3467.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120809 CVE-2012-3467: Unauthorized access (authentication bypass) from client to broker due to use of NullAuthenticator in shadow connections", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/09/6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=836276", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=836276" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1352992", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1352992" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPID-3849", - "refsource" : "CONFIRM", - "url" : 
"https://issues.apache.org/jira/browse/QPID-3849" - }, - { - "name" : "RHSA-2012:1277", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1277.html" - }, - { - "name" : "RHSA-2012:1279", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1279.html" - }, - { - "name" : "54954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54954" - }, - { - "name" : "50186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50186" - }, - { - "name" : "50698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50698" - }, - { - "name" : "apache-qpid-broker-sec-bypass(77568)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1352992", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1352992" + }, + { + "name": "50186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50186" + }, + { + "name": "54954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54954" + }, + { + "name": "RHSA-2012:1279", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1279.html" + }, + { + "name": "https://issues.apache.org/jira/browse/QPID-3849", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/QPID-3849" + }, + { + "name": "apache-qpid-broker-sec-bypass(77568)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77568" + }, + { + "name": "RHSA-2012:1277", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1277.html" + }, + { + "name": "50698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50698" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=836276", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=836276" + }, + { + "name": "[oss-security] 20120809 CVE-2012-3467: Unauthorized access (authentication bypass) from client to broker due to use of NullAuthenticator in shadow connections", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/09/6" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3561.json b/2012/3xxx/CVE-2012-3561.json index 7425de4b50d..2fd093a235f 100644 --- a/2012/3xxx/CVE-2012-3561.json +++ b/2012/3xxx/CVE-2012-3561.json 
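Review bot: `affects` on the new side of CVE-2012-3467.json still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the same hunk changes `ASSIGNER` to `secalert@redhat.com` and the description names the product and versions (Apache QPID 0.14, 0.16, and earlier). Consumers that match records to an asset inventory by the structured fields rather than the free text will presumably not match this entry. If the assigning CNA now maintains the record, fill the structured fields from the description, for example `"product_name": "Apache QPID"`. The hunks for CVE-2012-3224, CVE-2012-3680 and CVE-2012-4515 also move `ASSIGNER` away from `cve@mitre.org` and keep `n/a`.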
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1164/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1164/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1164/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1164/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1164/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1164/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1016/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1016/" - }, - { - "name" : "81809", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81809" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1164/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1164/" + }, + { + "name": "http://www.opera.com/support/kb/view/1016/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1016/" + }, + { + "name": "81809", + "refsource": "OSVDB", + "url": "http://osvdb.org/81809" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1164/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1164/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1164/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1164/" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3680.json b/2012/3xxx/CVE-2012-3680.json index 93a98da31ed..ea0dc2722d5 100644 --- a/2012/3xxx/CVE-2012-3680.json +++ b/2012/3xxx/CVE-2012-3680.json 
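Review bot: The `reference_data` entries in CVE-2012-3561.json are reordered with no entry added or removed, and the new order follows no visible key: the three changelog URLs that were adjacent (mac, unix, windows) are now split around the KB and OSVDB entries. The array order appears to carry no meaning for these references, so the shuffle only adds diff noise and makes a real reference change harder to spot in later revisions. Emit the references in a stable order, for example sorted by `refsource` and then `name`. The hunks for CVE-2012-3224, CVE-2012-3467, CVE-2012-3680, CVE-2012-3981 and CVE-2012-4515 show the same reshuffling.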
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3981.json b/2012/3xxx/CVE-2012-3981.json index 673140afffe..6dd080d6a85 100644 --- a/2012/3xxx/CVE-2012-3981.json +++ b/2012/3xxx/CVE-2012-3981.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785112", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785112" - }, - { - "name" : "http://www.bugzilla.org/security/3.6.10/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.6.10/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785470", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785470" - }, - { - "name" : "MDVSA-2013:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066" - }, - { - "name" : "85072", - "refsource" 
: "OSVDB", - "url" : "http://osvdb.org/85072" - }, - { - "name" : "bugzilla-ldap-data-manipulation(78193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "85072", + "refsource": "OSVDB", + "url": "http://osvdb.org/85072" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=785470", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785470" + }, + { + "name": "http://www.bugzilla.org/security/3.6.10/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.6.10/" + }, + { + "name": "MDVSA-2013:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=785112", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785112" + }, + { + "name": "bugzilla-ldap-data-manipulation(78193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78193" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4515.json b/2012/4xxx/CVE-2012-4515.json index 869231e4408..4d90a30bca6 100644 --- a/2012/4xxx/CVE-2012-4515.json +++ b/2012/4xxx/CVE-2012-4515.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121030 Medium risk security flaws in Konqueror", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html" - }, - { - "name" : "[oss-security] 20121011 Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/11/11" - }, - { - "name" : "[oss-security] 20121030 Medium risk security flaws in Konqueror", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/30/6" - }, - { - "name" : "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc", - "refsource" : "MISC", 
- "url" : "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc" - }, - { - "name" : "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8", - "refsource" : "CONFIRM", - "url" : "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8" - }, - { - "name" : "51097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51097" - }, - { - "name" : "51145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51145" + }, + { + "name": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc", + "refsource": "MISC", + "url": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc" + }, + { + "name": "[oss-security] 20121011 Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/11/11" + }, + { + "name": "20121030 Medium risk security flaws in Konqueror", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html" + }, + { + "name": "http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8", + "refsource": "CONFIRM", + "url": 
"http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8" + }, + { + "name": "[oss-security] 20121030 Medium risk security flaws in Konqueror", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/30/6" + }, + { + "name": "51097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51097" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4588.json b/2012/4xxx/CVE-2012-4588.json index d446ae51854..df537dece4a 100644 --- a/2012/4xxx/CVE-2012-4588.json +++ b/2012/4xxx/CVE-2012-4588.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10021", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an 
administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10021", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10021" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4803.json b/2012/4xxx/CVE-2012-4803.json index 5949d3899ba..d03d3112664 100644 --- a/2012/4xxx/CVE-2012-4803.json +++ b/2012/4xxx/CVE-2012-4803.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4803", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4803", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6304.json b/2012/6xxx/CVE-2012-6304.json index b9f22ca7f99..a18f9b6e505 100644 --- a/2012/6xxx/CVE-2012-6304.json +++ b/2012/6xxx/CVE-2012-6304.json 
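Review bot: The top-level key order in the new CVE-2012-4803.json differs from the other records in this diff: it opens with `data_type`, `data_format`, `data_version` and lists `ID` before `ASSIGNER` inside `CVE_data_meta`, while the neighbouring CVE-2012-6304.json keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order is not significant to a JSON parser, but two layouts in one repository suggest two different writers and make record-to-record comparison and canonical hashing harder. Serialize every record with sorted keys or one fixed key order. CVE-2017-2056.json has the same layout as this file.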
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6304", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6304", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6479.json b/2012/6xxx/CVE-2012-6479.json index 9147fcdb8b8..0afaece629c 100644 --- a/2012/6xxx/CVE-2012-6479.json +++ b/2012/6xxx/CVE-2012-6479.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2056.json b/2017/2xxx/CVE-2017-2056.json index 7fe5788ffa8..893fe1535db 100644 --- a/2017/2xxx/CVE-2017-2056.json +++ b/2017/2xxx/CVE-2017-2056.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2056", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2056", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2167.json b/2017/2xxx/CVE-2017-2167.json index fd454a0268e..ff9986a005c 100644 --- a/2017/2xxx/CVE-2017-2167.json +++ b/2017/2xxx/CVE-2017-2167.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer for PrimeDrive Desktop Application", - "version" : { - "version_data" : [ - { - "version_value" : "version 1.4.4 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "SoftBank Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer for PrimeDrive Desktop Application", + "version": { + "version_data": [ + { + "version_value": "version 1.4.4 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "SoftBank Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.softbank.jp/biz/news/cloud/170426/", - "refsource" : "MISC", - "url" : "http://www.softbank.jp/biz/news/cloud/170426/" - }, - { - "name" : "JVN#16248227", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN16248227/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer for PrimeDrive Desktop 
Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.softbank.jp/biz/news/cloud/170426/", + "refsource": "MISC", + "url": "http://www.softbank.jp/biz/news/cloud/170426/" + }, + { + "name": "JVN#16248227", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN16248227/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2746.json b/2017/2xxx/CVE-2017-2746.json index b5fa3c792ac..e234f7ab966 100644 --- a/2017/2xxx/CVE-2017-2746.json +++ b/2017/2xxx/CVE-2017-2746.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "hp-security-alert@hp.com", - "DATE_PUBLIC" : "2017-01-17T00:00:00", - "ID" : "CVE-2017-2746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HP JetAdvantage Security Manager", - "version" : { - "version_data" : [ - { - "version_value" : "before 3.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "HP Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "DATE_PUBLIC": "2017-01-17T00:00:00", + "ID": "CVE-2017-2746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HP JetAdvantage Security Manager", + "version": { + "version_data": [ + { + "version_value": "before 3.0.1" + } + ] + } + } + ] + }, + "vendor_name": "HP Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI03562", - "refsource" : "HP", - "url" : "https://support.hp.com/us-en/document/c05639510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. 
The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI03562", + "refsource": "HP", + "url": "https://support.hp.com/us-en/document/c05639510" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2783.json b/2017/2xxx/CVE-2017-2783.json index 80859bc3f9e..bc18810633d 100644 --- a/2017/2xxx/CVE-2017-2783.json +++ b/2017/2xxx/CVE-2017-2783.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DMC HTMLFilter", - "version" : { - "version_data" : [ - { - "version_value" : "as shipped with MarkLogic 8.0-6" - } - ] - } - } - ] - }, - "vendor_name" : "Antenna House" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DMC HTMLFilter", + "version": { + "version_data": [ + { + "version_value": "as shipped with MarkLogic 8.0-6" + } + ] + } + } + ] + }, + "vendor_name": "Antenna House" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2017-0279/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2017-0279/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with 
MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2017-0279/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2017-0279/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6390.json b/2017/6xxx/CVE-2017-6390.json index 587406e96d5..2137a14b9be 100644 --- a/2017/6xxx/CVE-2017-6390.json +++ b/2017/6xxx/CVE-2017-6390.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"whatanime.ga-master/index.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/soruly/whatanime.ga/commit/c334dd8499a681587dd4199e90b0aa0eba814c1d", - "refsource" : "CONFIRM", - "url" : "https://github.com/soruly/whatanime.ga/commit/c334dd8499a681587dd4199e90b0aa0eba814c1d" - }, - { - "name" : "https://github.com/soruly/whatanime.ga/issues/8", - "refsource" : "CONFIRM", - "url" : "https://github.com/soruly/whatanime.ga/issues/8" - }, - { - "name" : "96555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"whatanime.ga-master/index.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96555" + }, + { + "name": "https://github.com/soruly/whatanime.ga/commit/c334dd8499a681587dd4199e90b0aa0eba814c1d", + "refsource": "CONFIRM", + "url": "https://github.com/soruly/whatanime.ga/commit/c334dd8499a681587dd4199e90b0aa0eba814c1d" + }, + { + "name": "https://github.com/soruly/whatanime.ga/issues/8", + "refsource": "CONFIRM", + "url": "https://github.com/soruly/whatanime.ga/issues/8" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6431.json b/2017/6xxx/CVE-2017-6431.json index 06277486f83..13b96e7e831 100644 --- a/2017/6xxx/CVE-2017-6431.json +++ b/2017/6xxx/CVE-2017-6431.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6431", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6431", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6928.json b/2017/6xxx/CVE-2017-6928.json index 8f723d12dc3..d2f70e7d62e 100644 --- a/2017/6xxx/CVE-2017-6928.json +++ b/2017/6xxx/CVE-2017-6928.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@drupal.org", - "DATE_PUBLIC" : "2018-02-21T00:00:00", - "ID" : "CVE-2017-6928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Drupal Core", - "version" : { - "version_data" : [ - { - "version_value" : "Drupal 7.x versions before 7.57" - } - ] - } - } - ] - }, - "vendor_name" : "Drupal.org" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Access bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@drupal.org", + "DATE_PUBLIC": "2018-02-21T00:00:00", + "ID": "CVE-2017-6928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drupal Core", + "version": { + "version_data": [ + { + "version_value": "Drupal 7.x versions before 7.57" + } + ] + } + } + ] + }, + "vendor_name": "Drupal.org" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180228 [SECURITY] [DLA 1295-1] drupal7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" - }, - { - "name" : "https://www.drupal.org/sa-core-2018-001", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/sa-core-2018-001" - }, - { - "name" : "DSA-4123", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4123", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4123" + }, + { + "name": "[debian-lts-announce] 20180228 [SECURITY] [DLA 1295-1] drupal7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html" + }, + { + "name": "https://www.drupal.org/sa-core-2018-001", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/sa-core-2018-001" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6984.json b/2017/6xxx/CVE-2017-6984.json index 79265a382f9..1e62a06a871 100644 --- a/2017/6xxx/CVE-2017-6984.json +++ b/2017/6xxx/CVE-2017-6984.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-6984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-6984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42191", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42191/" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207801", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207801" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : 
"https://support.apple.com/HT207805", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207805" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98454" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42191", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42191/" + }, + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "98454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98454" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "https://support.apple.com/HT207805", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207805" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + }, + { + "name": "https://support.apple.com/HT207801", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207801" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11143.json b/2018/11xxx/CVE-2018-11143.json index 759288a7e9c..4707cc49665 100644 --- a/2018/11xxx/CVE-2018-11143.json +++ b/2018/11xxx/CVE-2018-11143.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11579.json b/2018/11xxx/CVE-2018-11579.json index 400f23bc8ad..d43330c8580 100644 --- a/2018/11xxx/CVE-2018-11579.json +++ b/2018/11xxx/CVE-2018-11579.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://labs.threatpress.com/unauthenticated-settings-change-vulnerability-in-woocommerce-category-banner-management-plugin/", - "refsource" : "MISC", - "url" : "http://labs.threatpress.com/unauthenticated-settings-change-vulnerability-in-woocommerce-category-banner-management-plugin/" - }, - { - "name" : "https://wordpress.org/plugins/banner-management-for-woocommerce/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/banner-management-for-woocommerce/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://labs.threatpress.com/unauthenticated-settings-change-vulnerability-in-woocommerce-category-banner-management-plugin/", + "refsource": "MISC", + "url": "http://labs.threatpress.com/unauthenticated-settings-change-vulnerability-in-woocommerce-category-banner-management-plugin/" + }, + { + "name": "https://wordpress.org/plugins/banner-management-for-woocommerce/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/banner-management-for-woocommerce/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11622.json b/2018/11xxx/CVE-2018-11622.json index da6b544f7d5..a0776d2a22d 100644 --- a/2018/11xxx/CVE-2018-11622.json +++ b/2018/11xxx/CVE-2018-11622.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-11622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5873." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787-Out-of-bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-11622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-699", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-699" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5873." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787-Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-699", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-699" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11652.json b/2018/11xxx/CVE-2018-11652.json index 5b17f00ba6a..07c8de3f3ad 100644 --- a/2018/11xxx/CVE-2018-11652.json +++ b/2018/11xxx/CVE-2018-11652.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44899", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44899/" - }, - { - "name" : "https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7", - "refsource" : "MISC", - "url" : "https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7", + "refsource": "MISC", + "url": "https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7" + }, + { + "name": "44899", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44899/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11910.json b/2018/11xxx/CVE-2018-11910.json index 438593f76a9..a5ad0b30527 100644 --- a/2018/11xxx/CVE-2018-11910.json +++ b/2018/11xxx/CVE-2018-11910.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /persist/ which presents a potential issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /persist/ which presents a potential issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14139.json b/2018/14xxx/CVE-2018-14139.json index 81f0f9bb020..b915bd59652 100644 --- a/2018/14xxx/CVE-2018-14139.json +++ b/2018/14xxx/CVE-2018-14139.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14139", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14139", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14546.json b/2018/14xxx/CVE-2018-14546.json index 649b72f4d26..baa45565aad 100644 --- a/2018/14xxx/CVE-2018-14546.json +++ b/2018/14xxx/CVE-2018-14546.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14546", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14546", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14831.json b/2018/14xxx/CVE-2018-14831.json index 52d7747db96..09b3ac13aeb 100644 --- a/2018/14xxx/CVE-2018-14831.json +++ b/2018/14xxx/CVE-2018-14831.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14831", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14831", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14920.json b/2018/14xxx/CVE-2018-14920.json index 7878e17e002..2a5deee0123 100644 --- a/2018/14xxx/CVE-2018-14920.json +++ b/2018/14xxx/CVE-2018-14920.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14920", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14920", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14964.json b/2018/14xxx/CVE-2018-14964.json index 0edf0e6f44e..5480b41137d 100644 --- a/2018/14xxx/CVE-2018-14964.json +++ b/2018/14xxx/CVE-2018-14964.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/emlsoft/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/emlsoft/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/emlsoft/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/emlsoft/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15112.json b/2018/15xxx/CVE-2018-15112.json index 77b668df3d8..6d3186f403b 100644 --- a/2018/15xxx/CVE-2018-15112.json +++ b/2018/15xxx/CVE-2018-15112.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15112", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15112", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15250.json b/2018/15xxx/CVE-2018-15250.json index 194e9bc295b..0090ed300fd 100644 --- a/2018/15xxx/CVE-2018-15250.json +++ b/2018/15xxx/CVE-2018-15250.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15250", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15250", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15377.json b/2018/15xxx/CVE-2018-15377.json index aef9f686a2d..d2a58562c1b 100644 --- a/2018/15xxx/CVE-2018-15377.json +++ b/2018/15xxx/CVE-2018-15377.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-26T16:00:00-0500", - "ID" : "CVE-2018-15377", - "STATE" : "PUBLIC", - "TITLE" : "Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS Software", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "6.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-26T16:00:00-0500", + "ID": "CVE-2018-15377", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS Software", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180926-pnp-memleak", - "defect" : [ - [ - "CSCvi30136" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180926-pnp-memleak", + "defect": [ + [ + "CSCvi30136" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20144.json b/2018/20xxx/CVE-2018-20144.json index 92b389bcce7..edea7f27be9 100644 --- a/2018/20xxx/CVE-2018-20144.json +++ b/2018/20xxx/CVE-2018-20144.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20144", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20144", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/20xxx/CVE-2018-20192.json b/2018/20xxx/CVE-2018-20192.json index ec0b69710cf..98d6c89d32c 100644 --- a/2018/20xxx/CVE-2018-20192.json +++ b/2018/20xxx/CVE-2018-20192.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20192", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20679.json b/2018/20xxx/CVE-2018-20679.json index 35e2622e185..6825e52619c 100644 --- a/2018/20xxx/CVE-2018-20679.json +++ b/2018/20xxx/CVE-2018-20679.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.busybox.net/show_bug.cgi?id=11506", - "refsource" : "MISC", - "url" : "https://bugs.busybox.net/show_bug.cgi?id=11506" - }, - { - "name" : "https://busybox.net/news.html", - "refsource" : "MISC", - "url" : "https://busybox.net/news.html" - }, - { - "name" : "https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c", - "refsource" : "MISC", - "url" : "https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c", + "refsource": "MISC", + "url": "https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c" + }, + { + "name": "https://busybox.net/news.html", + "refsource": "MISC", + "url": "https://busybox.net/news.html" + }, + { + "name": "https://bugs.busybox.net/show_bug.cgi?id=11506", + "refsource": "MISC", + "url": "https://bugs.busybox.net/show_bug.cgi?id=11506" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20687.json b/2018/20xxx/CVE-2018-20687.json index d764bfd53d4..49e394885e1 100644 --- a/2018/20xxx/CVE-2018-20687.json +++ b/2018/20xxx/CVE-2018-20687.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20687", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20687", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9320.json b/2018/9xxx/CVE-2018-9320.json index 74f0d75393e..4a585e362ed 100644 --- a/2018/9xxx/CVE-2018-9320.json +++ b/2018/9xxx/CVE-2018-9320.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf", - "refsource" : "MISC", - "url" : "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf" - }, - { - "name" : "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/", - "refsource" : "MISC", - "url" : "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/" - }, - { - "name" : "104258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Head Unit HU_NBT (aka 
Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf", + "refsource": "MISC", + "url": "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf" + }, + { + "name": "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/", + "refsource": "MISC", + "url": "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/" + }, + { + "name": "104258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104258" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9721.json b/2018/9xxx/CVE-2018-9721.json index a62ce8e0a31..f21ac183d56 100644 --- a/2018/9xxx/CVE-2018-9721.json +++ b/2018/9xxx/CVE-2018-9721.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9721", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9721", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file