diff --git a/2002/0xxx/CVE-2002-0060.json b/2002/0xxx/CVE-2002-0060.json index 32338d130e8..ceeaf7054a3 100644 --- a/2002/0xxx/CVE-2002-0060.json +++ b/2002/0xxx/CVE-2002-0060.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020227 security advisory linux 2.4.x ip_conntrack_irc", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101483396412051&w=2" - }, - { - "name" : "20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection tracking", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=101486352429653&w=2" - }, - { - "name" : "http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html", - "refsource" : "CONFIRM", - "url" : "http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html" - }, - { - "name" : "HPSBUX0203-027", - "refsource" : "HP", - "url" : 
"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0203-027" - }, - { - "name" : "MDKSA-2002:041", - "refsource" : "MANDRAKE", - "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:041" - }, - { - "name" : "RHSA-2002:028", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-028.html" - }, - { - "name" : "VU#230307", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/230307" - }, - { - "name" : "4188", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4188" - }, - { - "name" : "linux-dcc-port-access(8302)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#230307", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/230307" + }, + { + "name": "http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html", + "refsource": "CONFIRM", + "url": "http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html" + }, + { + "name": "HPSBUX0203-027", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0203-027" + }, + { + "name": "MDKSA-2002:041", + "refsource": "MANDRAKE", + "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:041" + }, + { + "name": "20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection tracking", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=101486352429653&w=2" + }, + { + "name": "20020227 security advisory linux 2.4.x ip_conntrack_irc", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101483396412051&w=2" + }, + { + "name": "RHSA-2002:028", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-028.html" + }, + { + "name": "linux-dcc-port-access(8302)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8302" + }, + { + "name": "4188", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4188" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0799.json b/2002/0xxx/CVE-2002-0799.json index 20b1e3003ee..2f4310c635b 100644 --- a/2002/0xxx/CVE-2002-0799.json +++ b/2002/0xxx/CVE-2002-0799.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020521 YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/273512" - }, - { - "name" : "4789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4789" - }, - { - "name" : "cmailserver-user-bo(9132)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9132.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cmailserver-user-bo(9132)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9132.php" + }, + { + "name": "20020521 YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/273512" + }, + { + "name": "4789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4789" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0942.json b/2002/0xxx/CVE-2002-0942.json index f085a316499..a012a899256 100644 --- a/2002/0xxx/CVE-2002-0942.json +++ b/2002/0xxx/CVE-2002-0942.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020614 Lumigent Log Explorer 3.xx extended stored procedures buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0146.html" - }, - { - "name" : "20020614 Follow-up on Lumigent Log Explorer 3.xx extended stored procedures buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/277026" - }, - { - "name" : "http://www.lumigent.com/LogExplorer/Support/whatsnew3_03.htm", - "refsource" : "CONFIRM", - "url" : "http://www.lumigent.com/LogExplorer/Support/whatsnew3_03.htm" - }, - { - "name" : "5016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5016" - }, 
- { - "name" : "5017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5017" - }, - { - "name" : "5018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5018" - }, - { - "name" : "logexplorer-mssql-xplogattach-bo(9346)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9346.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5017" + }, + { + "name": "20020614 Lumigent Log Explorer 3.xx extended stored procedures buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0146.html" + }, + { + "name": "logexplorer-mssql-xplogattach-bo(9346)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9346.php" + }, + { + "name": "20020614 Follow-up on Lumigent Log Explorer 3.xx extended stored procedures buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/277026" + }, + { + "name": "5016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5016" + }, + { + "name": "http://www.lumigent.com/LogExplorer/Support/whatsnew3_03.htm", + "refsource": "CONFIRM", + "url": "http://www.lumigent.com/LogExplorer/Support/whatsnew3_03.htm" + }, + { + "name": "5018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5018" + } + ] + } +} \ No newline at end 
of file diff --git a/2002/1xxx/CVE-2002-1080.json b/2002/1xxx/CVE-2002-1080.json index e21aa14a90a..0ccf5982f0d 100644 --- a/2002/1xxx/CVE-2002-1080.json +++ b/2002/1xxx/CVE-2002-1080.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020822 Abyss 1.0.3 directory traversal and administration bugs", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html" - }, - { - "name" : "http://www.aprelium.com/news/patch1033.html", - "refsource" : "CONFIRM", - "url" : "http://www.aprelium.com/news/patch1033.html" - }, - { - "name" : "abyss-admin-console-access(9957)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9957.php" - }, - { - "name" : "5548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5548" + }, + { + "name": "abyss-admin-console-access(9957)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9957.php" + }, + { + "name": "http://www.aprelium.com/news/patch1033.html", + "refsource": "CONFIRM", + "url": "http://www.aprelium.com/news/patch1033.html" + }, + { + "name": "20020822 Abyss 1.0.3 directory traversal and administration bugs", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1627.json b/2002/1xxx/CVE-2002-1627.json index 1f8331779ff..334d2b39407 100644 --- a/2002/1xxx/CVE-2002-1627.json +++ b/2002/1xxx/CVE-2002-1627.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! before 0.6 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the quiz parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#318835", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/318835" - }, - { - "name" : "3857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3857" - }, - { - "name" : "1003254", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003254" - }, - { - "name" : "quizme-gain-privileges(7970)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! 
before 0.6 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the quiz parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1003254", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003254" + }, + { + "name": "VU#318835", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/318835" + }, + { + "name": "3857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3857" + }, + { + "name": "quizme-gain-privileges(7970)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7970" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2027.json b/2002/2xxx/CVE-2002-2027.json index 25293299e7e..9cc56b8a764 100644 --- a/2002/2xxx/CVE-2002-2027.json +++ b/2002/2xxx/CVE-2002-2027.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://prdownloads.sourceforge.net/doow/doow_v0.2.2.zip?use_mirror=unc", - "refsource" : "CONFIRM", - "url" : "http://prdownloads.sourceforge.net/doow/doow_v0.2.2.zip?use_mirror=unc" - }, - { - "name" : "3932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://prdownloads.sourceforge.net/doow/doow_v0.2.2.zip?use_mirror=unc", + "refsource": "CONFIRM", + "url": "http://prdownloads.sourceforge.net/doow/doow_v0.2.2.zip?use_mirror=unc" + }, + { + "name": "3932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3932" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0026.json b/2003/0xxx/CVE-2003-0026.json index 245829415f8..5f0df3417a4 100644 --- a/2003/0xxx/CVE-2003-0026.json +++ b/2003/0xxx/CVE-2003-0026.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2003:562", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562" - }, - { - "name" : "DSA-231", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-231" - }, - { - "name" : "MDKSA-2003:007", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:007" - }, - { - "name" : "OpenPKG-SA-2003.002", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html" - }, - { - "name" : "RHSA-2003:011", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-011.html" - }, - { 
- "name" : "SuSE-SA:2003:0006", - "refsource" : "SUSE", - "url" : "http://www.suse.com/de/security/2003_006_dhcp.html" - }, - { - "name" : "20030122 [securityslackware.com: [slackware-security] New DHCP packages available]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html" - }, - { - "name" : "SuSE-SA:2003:006", - "refsource" : "SUSE", - "url" : "http://www.suse.com/de/security/2003_006_dhcp.html" - }, - { - "name" : "CA-2003-01", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-01.html" - }, - { - "name" : "VU#284857", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/284857" - }, - { - "name" : "N-031", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-031.shtml" - }, - { - "name" : "6627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6627" - }, - { - "name" : "1005924", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005924" - }, - { - "name" : "dhcpd-minires-multiple-bo(11073)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:011", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-011.html" + }, + { + "name": "OpenPKG-SA-2003.002", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html" + }, + { + "name": "1005924", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005924" + }, + { + "name": "DSA-231", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-231" + }, + { + "name": "6627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6627" + }, + { + "name": "dhcpd-minires-multiple-bo(11073)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11073" + }, + { + "name": "MDKSA-2003:007", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:007" + }, + { + "name": "VU#284857", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/284857" + }, + { + "name": "CA-2003-01", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-01.html" + }, + { + "name": "N-031", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-031.shtml" + }, + { + "name": "SuSE-SA:2003:006", + "refsource": "SUSE", + "url": "http://www.suse.com/de/security/2003_006_dhcp.html" + }, + { + "name": "20030122 [securityslackware.com: [slackware-security] New DHCP packages available]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html" + }, + { + "name": "SuSE-SA:2003:0006", + "refsource": "SUSE", + "url": "http://www.suse.com/de/security/2003_006_dhcp.html" + }, + { + "name": "CLA-2003:562", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562" + } + ] + } +} \ No 
newline at end of file diff --git a/2005/1xxx/CVE-2005-1468.json b/2005/1xxx/CVE-2005-1468.json index 57682136f36..44a19b37261 100644 --- a/2005/1xxx/CVE-2005-1468.json +++ b/2005/1xxx/CVE-2005-1468.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html" - }, - { - "name" : "http://www.ethereal.com/news/item_20050504_01.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/news/item_20050504_01.html" - }, - { - "name" : "CLSA-2005:963", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : 
"RHSA-2005:427", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-427.html" - }, - { - "name" : "13504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13504" - }, - { - "name" : "oval:org.mitre.oval:def:10049", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13504" + }, + { + "name": "RHSA-2005:427", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-427.html" + }, + { + "name": "oval:org.mitre.oval:def:10049", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10049" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00019.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00019.html" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "CLSA-2005:963", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" + }, + { + "name": "http://www.ethereal.com/news/item_20050504_01.html", + "refsource": "CONFIRM", + 
"url": "http://www.ethereal.com/news/item_20050504_01.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1776.json b/2005/1xxx/CVE-2005-1776.json index 31b57f88915..561d29d1885 100644 --- a/2005/1xxx/CVE-2005-1776.json +++ b/2005/1xxx/CVE-2005-1776.json 
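Review bot: In the CVE-2005-1468 record, `"ASSIGNER"` changes from `"cve@mitre.org"` to `"secalert@redhat.com"`, which is a content change; the rest of this hunk only changes key spacing and reference order. The other records visible in this diff keep `"cve@mitre.org"`, so this reads as a deliberate reassignment, presumably to the Red Hat CNA, but nothing visible here says so. ASSIGNER is a provenance field that downstream consumers may use to attribute or route a record. The change should be named in the commit description or split into its own commit, so that anyone auditing record history can tell it apart from the bulk reformat.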
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050526 Buffer-overflow in C'Nedra 0.4.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111713300212601&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/cnedrabof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/cnedrabof-adv.txt" - }, - { - "name" : "15519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers 
to execute arbitrary code via a long text string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050526 Buffer-overflow in C'Nedra 0.4.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111713300212601&w=2" + }, + { + "name": "http://aluigi.altervista.org/adv/cnedrabof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/cnedrabof-adv.txt" + }, + { + "name": "15519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15519" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1842.json b/2005/1xxx/CVE-2005-1842.json index 54a0f6836ad..284cb1050a1 100644 --- a/2005/1xxx/CVE-2005-1842.json +++ b/2005/1xxx/CVE-2005-1842.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050829 Adobe Version Cue VCNative Arbitrary File Overwrite Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=297&type=vulnerabilities" - }, - { - "name" : "http://www.adobe.com/support/techdocs/327129.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/techdocs/327129.html" - }, - { - "name" : "14638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14638" - }, - { - "name" : "1014776", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014776" - }, - { - "name" : "16541", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/16541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14638" + }, + { + "name": "http://www.adobe.com/support/techdocs/327129.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/techdocs/327129.html" + }, + { + "name": "1014776", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014776" + }, + { + "name": "20050829 Adobe Version Cue VCNative Arbitrary File Overwrite Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=297&type=vulnerabilities" + }, + { + "name": "16541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16541" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1432.json b/2009/1xxx/CVE-2009-1432.json index fb9b1111053..200cb2c846c 100644 --- a/2009/1xxx/CVE-2009-1432.json +++ b/2009/1xxx/CVE-2009-1432.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00" - }, - { - "name" : "34668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34668" - }, - { - "name" : "1022136", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022136" - }, - { - "name" : "1022137", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022137" - }, - { - "name" : "1022138", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022138" - }, - { - "name" : "34935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34935" - }, - { - "name" : "34856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34856" - }, - { - "name" : "ADV-2009-1202", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1202" - }, - { - "name" : "ADV-2009-1204", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1204" - }, - { - "name" : "multiple-symantec-login-spoofing(50172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1204", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1204" + }, + { + "name": "1022137", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022137" + }, + { + "name": "34856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34856" + }, + { + "name": "1022138", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022138" + }, + { + "name": "34935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34935" + }, + { + "name": "1022136", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022136" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00" + }, + { + "name": "ADV-2009-1202", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1202" + }, + { + "name": "multiple-symantec-login-spoofing(50172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50172" + }, + { + "name": "34668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34668" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1654.json b/2009/1xxx/CVE-2009-1654.json index 7cc26408d50..c24e020e224 100644 --- a/2009/1xxx/CVE-2009-1654.json +++ b/2009/1xxx/CVE-2009-1654.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8690", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8690" - }, - { - "name" : "34975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34975" - }, - { - "name" : "54501", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54501" - }, - { - "name" : "35067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML 
via the questionid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34975" + }, + { + "name": "8690", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8690" + }, + { + "name": "54501", + "refsource": "OSVDB", + "url": "http://osvdb.org/54501" + }, + { + "name": "35067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35067" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1747.json b/2009/1xxx/CVE-2009-1747.json index 204ae0ed8e5..52c28c204e6 100644 --- a/2009/1xxx/CVE-2009-1747.json +++ b/2009/1xxx/CVE-2009-1747.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8751", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8751" - }, - { - "name" : "35049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35049" - }, - { - "name" : "35139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35049" + }, + { + "name": "8751", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8751" + }, + { + "name": "35139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35139" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0121.json b/2012/0xxx/CVE-2012-0121.json index 12dc85fb5af..a99da15efe7 100644 --- a/2012/0xxx/CVE-2012-0121.json +++ b/2012/0xxx/CVE-2012-0121.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02746", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/521944" - }, - { - "name" : "SSRT100781", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/521944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100781", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/521944" + }, + { + "name": "HPSBMU02746", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/521944" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0135.json b/2012/0xxx/CVE-2012-0135.json index 5be79790aa7..7da79d750a3 100644 --- a/2012/0xxx/CVE-2012-0135.json +++ b/2012/0xxx/CVE-2012-0135.json 
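Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `hp-security-alert@hp.com` in this hunk, and it is the only semantic change in what is otherwise a whitespace and reference-order rewrite of the whole file. The hunks for CVE-2012-0135 (same HP address) and for CVE-2012-0641 and CVE-2012-0679 (`product-security@apple.com`) do the same. ASSIGNER is provenance metadata, so any consumer that filters or attributes records by it would see these records change owner, which is easy to miss in a full-file replacement; the assigner corrections would be easier to audit in a commit separate from the reformat. The new side also ends with `\ No newline at end of file`, and finishing the file with `}` plus a trailing newline would keep later diffs from touching the last line.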
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-0135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02764", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/522374" - }, - { - "name" : "SSRT100827", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/522374" - }, - { - "name" : "1026925", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026925" - }, - { - "name" : "hp-system-homepage-dos(74917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to 
cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-system-homepage-dos(74917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74917" + }, + { + "name": "1026925", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026925" + }, + { + "name": "HPSBMU02764", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/522374" + }, + { + "name": "SSRT100827", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/522374" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0449.json b/2012/0xxx/CVE-2012-0449.json index 3ee0b064afe..c6994d90756 100644 --- a/2012/0xxx/CVE-2012-0449.json +++ b/2012/0xxx/CVE-2012-0449.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-08.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701806", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701806" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=702466", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=702466" - }, - { - "name" : "DSA-2400", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2012/dsa-2400" - }, - { - "name" : "DSA-2402", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2402" - }, - { - "name" : "DSA-2406", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2406" - }, - { - "name" : "MDVSA-2012:013", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" - }, - { - "name" : "SUSE-SU-2012:0198", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html" - }, - { - "name" : "SUSE-SU-2012:0221", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2012:0234", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" - }, - { - "name" : "51754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51754" - }, - { - "name" : "oval:org.mitre.oval:def:14618", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14618" - }, - { - "name" : "mozilla-xsltstylesheets-code-execution(72868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-08.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-08.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=701806", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=701806" + }, + { + "name": "mozilla-xsltstylesheets-code-execution(72868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72868" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=702466", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=702466" + }, + { + "name": "DSA-2402", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2402" + }, + { + "name": "DSA-2400", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2400" + }, + { + "name": "SUSE-SU-2012:0198", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html" + }, + { + "name": "MDVSA-2012:013", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" + }, + { + "name": "oval:org.mitre.oval:def:14618", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14618" + }, + { + "name": "DSA-2406", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2406" + }, + { + "name": "SUSE-SU-2012:0221", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html" + }, + { + "name": "51754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51754" + }, + { + "name": "openSUSE-SU-2012:0234", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0641.json b/2012/0xxx/CVE-2012-0641.json index 21c5f4ab71d..c581d67c717 100644 --- a/2012/0xxx/CVE-2012-0641.json +++ b/2012/0xxx/CVE-2012-0641.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive 
information via a malformed URL, a different vulnerability than CVE-2011-3447." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0679.json b/2012/0xxx/CVE-2012-0679.json index 53bb2f6b9eb..96fe76c85a7 100644 --- a/2012/0xxx/CVE-2012-0679.json +++ b/2012/0xxx/CVE-2012-0679.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3363.json b/2012/3xxx/CVE-2012-3363.json index d3f98155676..0729e4b9ae8 100644 --- a/2012/3xxx/CVE-2012-3363.json +++ b/2012/3xxx/CVE-2012-3363.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120626 Re: XXE in Zend", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/26/4" - }, - { - "name" : "[oss-security] 20120626 XXE in Zend", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/26/2" - }, - { - "name" : "[oss-security] 20120627 Re: XXE in Zend", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/27/2" - }, - { - "name" : "[oss-security] 20130325 Moodle security notifications public", - "refsource" : "MLIST", - "url" : 
"http://openwall.com/lists/oss-security/2013/03/25/2" - }, - { - "name" : "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" - }, - { - "name" : "http://framework.zend.com/security/advisory/ZF2012-01", - "refsource" : "CONFIRM", - "url" : "http://framework.zend.com/security/advisory/ZF2012-01" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=225345", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=225345" - }, - { - "name" : "DSA-2505", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2505" - }, - { - "name" : "FEDORA-2013-4387", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" - }, - { - "name" : "FEDORA-2013-4404", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" - }, - { - "name" : "1027208", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=225345", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=225345" + }, + { + "name": "FEDORA-2013-4387", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" + }, + { + "name": "[oss-security] 20120627 Re: XXE in Zend", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284" + }, + { + "name": "DSA-2505", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2505" + }, + { + "name": "[oss-security] 20120626 Re: XXE in Zend", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" + }, + { + "name": "FEDORA-2013-4404", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" + }, + { + "name": "[oss-security] 20120626 XXE in Zend", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" + }, + { + "name": "[oss-security] 20130325 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/03/25/2" + }, + { + "name": "1027208", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027208" + }, + { + "name": "http://framework.zend.com/security/advisory/ZF2012-01", + "refsource": "CONFIRM", + "url": "http://framework.zend.com/security/advisory/ZF2012-01" + }, + { + "name": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt", + "refsource": "MISC", + 
"url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3413.json b/2012/3xxx/CVE-2012-3413.json index 32e75cff581..95593e373d7 100644 --- a/2012/3xxx/CVE-2012-3413.json +++ b/2012/3xxx/CVE-2012-3413.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120713 CVE Request: KDE Pim", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/13/3" - }, - { - "name" : "[oss-security] 20120713 Re: CVE Request: KDE Pim", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/13/4" - }, - { - "name" : "[oss-security] 20120716 Re: CVE Request: KDE Pim", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/16/3" - }, - { - "name" : "[oss-security] 20120717 Re: CVE Request: KDE Pim", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/17/11" - }, - { - "name" : 
"https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54", - "refsource" : "CONFIRM", - "url" : "https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54" - }, - { - "name" : "FEDORA-2012-10410", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083946.html" - }, - { - "name" : "FEDORA-2012-10411", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084262.html" - }, - { - "name" : "USN-1512-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1512-1" - }, - { - "name" : "50008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-10410", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083946.html" + }, + { + "name": "https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54", + "refsource": "CONFIRM", + "url": "https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54" + }, + { + "name": "[oss-security] 20120716 Re: CVE Request: KDE Pim", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/16/3" + }, + { + "name": "USN-1512-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1512-1" + }, + { + "name": "FEDORA-2012-10411", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084262.html" + }, + { + "name": "50008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50008" + }, + { + "name": "[oss-security] 20120717 Re: CVE Request: KDE Pim", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/17/11" + }, + { + "name": "[oss-security] 20120713 CVE Request: KDE Pim", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/13/3" + }, + { + "name": "[oss-security] 20120713 Re: CVE Request: KDE Pim", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/13/4" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3642.json b/2012/3xxx/CVE-2012-3642.json index a608ff9d553..02b43bd7c9c 100644 --- a/2012/3xxx/CVE-2012-3642.json +++ b/2012/3xxx/CVE-2012-3642.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3684.json b/2012/3xxx/CVE-2012-3684.json index c8edacf9fbb..0241db1b283 100644 --- a/2012/3xxx/CVE-2012-3684.json +++ b/2012/3xxx/CVE-2012-3684.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85376", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85376" - }, - { - "name" : "oval:org.mitre.oval:def:17393", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17393" - }, - { - "name" : "apple-itunes-webkit-cve20123684(78517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "oval:org.mitre.oval:def:17393", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17393" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "apple-itunes-webkit-cve20123684(78517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78517" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "85376", + "refsource": "OSVDB", + "url": "http://osvdb.org/85376" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4104.json b/2012/4xxx/CVE-2012-4104.json index a3a7efd651d..4e9962442ae 100644 --- a/2012/4xxx/CVE-2012-4104.json +++ b/2012/4xxx/CVE-2012-4104.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130930 Cisco Unified Computing System Fabric Interconnect Directory Traversal Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130930 Cisco Unified Computing System Fabric Interconnect Directory Traversal Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4104" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6361.json b/2012/6xxx/CVE-2012-6361.json index 4e9bb0d0d84..db28b8a14d3 100644 --- a/2012/6xxx/CVE-2012-6361.json +++ b/2012/6xxx/CVE-2012-6361.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6361", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6361", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2216.json b/2017/2xxx/CVE-2017-2216.json index b0244e73b5f..9ed79095a04 100644 --- a/2017/2xxx/CVE-2017-2216.json +++ b/2017/2xxx/CVE-2017-2216.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WordPress Download Manager", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 2.9.50" - } - ] - } - } - ] - }, - "vendor_name" : "W3 Eden, Inc. " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WordPress Download Manager", + "version": { + "version_data": [ + { + "version_value": "prior to version 2.9.50" + } + ] + } + } + ] + }, + "vendor_name": "W3 Eden, Inc. 
" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://plugins.trac.wordpress.org/changeset/1650075/", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/1650075/" - }, - { - "name" : "https://wordpress.org/plugins/download-manager/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/download-manager/#developers" - }, - { - "name" : "JVN#79738260", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN79738260/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://plugins.trac.wordpress.org/changeset/1650075/", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/1650075/" + }, + { + "name": "JVN#79738260", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN79738260/index.html" + }, + { + "name": "https://wordpress.org/plugins/download-manager/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/download-manager/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6029.json b/2017/6xxx/CVE-2017-6029.json index 2dd810a61d3..51f7a483db0 100644 --- a/2017/6xxx/CVE-2017-6029.json +++ b/2017/6xxx/CVE-2017-6029.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-6029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Certec EDV GmbH atvise scada", - "version" : { - "version_data" : [ - { - "version_value" : "Certec EDV GmbH atvise scada" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-6029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Certec EDV GmbH atvise scada", + "version": { + "version_data": [ + { + "version_value": "Certec EDV GmbH atvise scada" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A" - }, - { - "name" : "97479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A" + }, + { + "name": "97479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97479" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6075.json b/2017/6xxx/CVE-2017-6075.json index 99ac44a5963..0ff78931e7e 100644 --- a/2017/6xxx/CVE-2017-6075.json +++ b/2017/6xxx/CVE-2017-6075.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6075", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6075", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6081.json b/2017/6xxx/CVE-2017-6081.json index bd90dd08f56..b831d0c9f70 100644 --- a/2017/6xxx/CVE-2017-6081.json +++ b/2017/6xxx/CVE-2017-6081.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zammad.com/de/news/security-advisory-zaa-2017-01", - "refsource" : "CONFIRM", - "url" : "https://zammad.com/de/news/security-advisory-zaa-2017-01" - }, - { - "name" : "96937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96937" + }, + { + "name": "https://zammad.com/de/news/security-advisory-zaa-2017-01", + "refsource": "CONFIRM", + "url": "https://zammad.com/de/news/security-advisory-zaa-2017-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6360.json b/2017/6xxx/CVE-2017-6360.json index 80a6976aaee..55d8bf026c6 100644 --- a/2017/6xxx/CVE-2017-6360.json +++ b/2017/6xxx/CVE-2017-6360.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41842", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41842/" - }, - { - "name" : "https://www.qnap.com/en-us/releasenotes/", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/en-us/releasenotes/" - }, - { - "name" : "https://www.qnap.com/en/support/con_show.php?cid=113", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/en/support/con_show.php?cid=113" - }, - { - "name" : "97059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97059" - }, - { - "name" : "97072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97072" - }, - { - "name" : "1038091", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038091" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97072" + }, + { + "name": "https://www.qnap.com/en/support/con_show.php?cid=113", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/en/support/con_show.php?cid=113" + }, + { + "name": "41842", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41842/" + }, + { + "name": "1038091", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038091" + }, + { + "name": "https://www.qnap.com/en-us/releasenotes/", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/en-us/releasenotes/" + }, + { + "name": "97059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97059" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6548.json b/2017/6xxx/CVE-2017-6548.json index d546247946b..ea7af1a1344 100644 --- a/2017/6xxx/CVE-2017-6548.json +++ b/2017/6xxx/CVE-2017-6548.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41573", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41573/" - }, - { - "name" : "https://bierbaumer.net/security/asuswrt/#remote-code-execution", - "refsource" : "MISC", - "url" : "https://bierbaumer.net/security/asuswrt/#remote-code-execution" - }, - { - "name" : "https://asuswrt.lostrealm.ca/changelog", - "refsource" : "CONFIRM", - "url" : "https://asuswrt.lostrealm.ca/changelog" - }, - { - "name" : "96938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://asuswrt.lostrealm.ca/changelog", + "refsource": "CONFIRM", + "url": "https://asuswrt.lostrealm.ca/changelog" + }, + { + "name": "41573", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41573/" + }, + { + "name": "96938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96938" + }, + { + "name": "https://bierbaumer.net/security/asuswrt/#remote-code-execution", + "refsource": "MISC", + "url": "https://bierbaumer.net/security/asuswrt/#remote-code-execution" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6590.json b/2017/6xxx/CVE-2017-6590.json index badd34ed26c..97754de1d90 100644 --- a/2017/6xxx/CVE-2017-6590.json +++ b/2017/6xxx/CVE-2017-6590.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.youtube.com/watch?v=Fp2lwRVg0l0", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=Fp2lwRVg0l0" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321" - }, - { - "name" : "https://www.ubuntu.com/usn/usn-3217-1/", - "refsource" : "CONFIRM", - "url" : "https://www.ubuntu.com/usn/usn-3217-1/" - }, - { - "name" : "GLSA-201707-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-09" - }, - { - "name" : "1037977", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. 
One also can open some applications such as Firefox, which is useful for downloading malicious binaries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ubuntu.com/usn/usn-3217-1/", + "refsource": "CONFIRM", + "url": "https://www.ubuntu.com/usn/usn-3217-1/" + }, + { + "name": "GLSA-201707-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-09" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321" + }, + { + "name": "https://www.youtube.com/watch?v=Fp2lwRVg0l0", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0" + }, + { + "name": "1037977", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037977" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7274.json b/2017/7xxx/CVE-2017-7274.json index d4b2727fd3a..74c428f1b6b 100644 --- a/2017/7xxx/CVE-2017-7274.json +++ b/2017/7xxx/CVE-2017-7274.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf" - }, - { - "name" : "https://github.com/radare/radare2/issues/7152", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/issues/7152" - }, - { - "name" : "97181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to 
cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf" + }, + { + "name": "97181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97181" + }, + { + "name": "https://github.com/radare/radare2/issues/7152", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/issues/7152" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7356.json b/2017/7xxx/CVE-2017-7356.json index 20b76a57bf9..fb5d3adecee 100644 --- a/2017/7xxx/CVE-2017-7356.json +++ b/2017/7xxx/CVE-2017-7356.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7356", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7356", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7459.json b/2017/7xxx/CVE-2017-7459.json index 94bccb42161..44d38c38c41 100644 --- a/2017/7xxx/CVE-2017-7459.json +++ b/2017/7xxx/CVE-2017-7459.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntopng before 3.0 allows HTTP Response Splitting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntopng before 3.0 allows HTTP Response Splitting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7542.json b/2017/7xxx/CVE-2017-7542.json index 73c4463296d..d4c235a76b3 100644 
--- a/2017/7xxx/CVE-2017-7542.json +++ b/2017/7xxx/CVE-2017-7542.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel versions up to and including 4.12", - "version" : { - "version_data" : [ - { - "version_value" : "Linux kernel versions up to and including 4.12" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-190" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux kernel versions up to and including 4.12", + "version": { + "version_data": [ + { + "version_value": "Linux kernel versions up to and including 4.12" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6399f1fae4ec29fab5ec76070435555e256ca3a6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6399f1fae4ec29fab5ec76070435555e256ca3a6" - }, - { - "name" : "https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6" - }, - { - 
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "DSA-3927", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3927" - }, - { - "name" : "DSA-3945", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3945" - }, - { - "name" : "RHSA-2017:2918", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2918" - }, - { - "name" : "RHSA-2017:2930", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2930" - }, - { - "name" : "RHSA-2017:2931", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2931" - }, - { - "name" : "RHSA-2018:0169", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0169" - }, - { - "name" : "USN-3583-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3583-1/" - }, - { - "name" : "USN-3583-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3583-2/" - }, - { - "name" : "99953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3927", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3927" + }, + { + "name": "RHSA-2018:0169", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0169" + }, + { + "name": "USN-3583-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3583-2/" + }, + { + "name": "RHSA-2017:2918", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2918" + }, + { + "name": "RHSA-2017:2931", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2931" + }, + { + "name": "99953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99953" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "USN-3583-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3583-1/" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6399f1fae4ec29fab5ec76070435555e256ca3a6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6399f1fae4ec29fab5ec76070435555e256ca3a6" + }, + { + "name": "DSA-3945", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3945" + }, + { + "name": "https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6" + }, + { + "name": "RHSA-2017:2930", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2930" + } + ] + } +} \ No 
newline at end of file diff --git a/2017/7xxx/CVE-2017-7781.json b/2017/7xxx/CVE-2017-7781.json index ba0c89eb57a..f1798a6da2d 100644 --- a/2017/7xxx/CVE-2017-7781.json +++ b/2017/7xxx/CVE-2017-7781.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "55" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elliptic curve point addition error when using mixed Jacobian-affine coordinates" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "55" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/" - }, - { - "name" : "100383", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/100383" - }, - { - "name" : "1039124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elliptic curve point addition error when using mixed Jacobian-affine coordinates" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100383" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-18/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-18/" + }, + { + "name": "1039124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039124" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10089.json b/2018/10xxx/CVE-2018-10089.json index 0aa46a7965b..a4879e3c4a3 100644 --- a/2018/10xxx/CVE-2018-10089.json +++ b/2018/10xxx/CVE-2018-10089.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10089", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10089", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10098.json b/2018/10xxx/CVE-2018-10098.json index aa43036602b..283d695ff3d 100644 --- a/2018/10xxx/CVE-2018-10098.json +++ b/2018/10xxx/CVE-2018-10098.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10098",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\\\.\\econceal to cause a denial of service (BSOD)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10098",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20180712 eScan ISS for Business v14.0.1400.2029 - BSOD through of a\tIOCTL",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2018/Jul/53"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\\\.\\econceal to cause a denial of service (BSOD)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20180712 eScan ISS for Business v14.0.1400.2029 - BSOD through of a\tIOCTL",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2018/Jul/53"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14025.json b/2018/14xxx/CVE-2018-14025.json
index 2841432d757..a4b7f6e0b8e 100644
--- a/2018/14xxx/CVE-2018-14025.json
+++ b/2018/14xxx/CVE-2018-14025.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14025",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14025",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14827.json b/2018/14xxx/CVE-2018-14827.json
index aa698f97045..f0c6df35801 100644
--- a/2018/14xxx/CVE-2018-14827.json
+++ b/2018/14xxx/CVE-2018-14827.json
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-09-20T00:00:00", - "ID" : "CVE-2018-14827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSLinx Classic", - "version" : { - "version_data" : [ - { - "version_value" : "4.00.01 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Rockwell Automation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-09-20T00:00:00", + "ID": "CVE-2018-14827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSLinx Classic", + "version": { + "version_data": [ + { + "version_value": "4.00.01 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Rockwell Automation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. 
A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14854.json b/2018/14xxx/CVE-2018-14854.json index f17d4aa4ca4..c8e3c4bd69a 100644 --- a/2018/14xxx/CVE-2018-14854.json +++ b/2018/14xxx/CVE-2018-14854.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md", - "refsource" : "MISC", - "url" : "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the 
Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md", + "refsource": "MISC", + "url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14953.json b/2018/14xxx/CVE-2018-14953.json index 7a27d79b7fb..dff35656c52 100644 --- a/2018/14xxx/CVE-2018-14953.json +++ b/2018/14xxx/CVE-2018-14953.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"