diff --git a/2002/0xxx/CVE-2002-0210.json b/2002/0xxx/CVE-2002-0210.json index 9a9bc31b1a3..b34ac681f5c 100644 --- a/2002/0xxx/CVE-2002-0210.json +++ b/2002/0xxx/CVE-2002-0210.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020126 bru backup program", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/252614" - }, - { - "name" : "3970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3970" - }, - { - "name" : "bru-tmp-file-symlink(8003)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8003.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3970" + }, + { + "name": "20020126 bru backup program", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/252614" + }, + { + "name": "bru-tmp-file-symlink(8003)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8003.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0406.json b/2002/0xxx/CVE-2002-0406.json index a986bc06ba3..33dd7720893 100644 --- a/2002/0xxx/CVE-2002-0406.json +++ b/2002/0xxx/CVE-2002-0406.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020302 Denial of Service in Sphereserver", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/259334" - }, - { - "name" : "sphereserver-connections-dos(8338)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8338.php" - }, - { - "name" : "4258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections 
to the server without providing login credentials, which prevents other users from being able to log in." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020302 Denial of Service in Sphereserver", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/259334" + }, + { + "name": "sphereserver-connections-dos(8338)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8338.php" + }, + { + "name": "4258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4258" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0407.json b/2002/0xxx/CVE-2002-0407.json index 6b47b63ee37..597f1ab7ed3 100644 --- a/2002/0xxx/CVE-2002-0407.json +++ b/2002/0xxx/CVE-2002-0407.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101310812804716&w=2" - }, - { - "name" : "20020402 KPMG-2002006: Lotus Domino Physical Path Revealed", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/265380" - }, - { - "name" : "4406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4406" - }, - { - "name" : "lotus-domino-reveal-information(8160)", - "refsource" : "XF", - "url" : 
"http://www.iss.net/security_center/static/8160.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020402 KPMG-2002006: Lotus Domino Physical Path Revealed", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/265380" + }, + { + "name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101310812804716&w=2" + }, + { + "name": "4406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4406" + }, + { + "name": "lotus-domino-reveal-information(8160)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8160.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0971.json b/2002/0xxx/CVE-2002-0971.json index 5f6906cd5c7..ba864540a65 100644 --- a/2002/0xxx/CVE-2002-0971.json +++ b/2002/0xxx/CVE-2002-0971.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the \"Add new clients\" dialogue box." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020821 Win32 API 'shatter' vulnerability found in VNC-based products", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102994289123085&w=2" - }, - { - "name" : "5530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5530" - }, - { - "name" : "vnc-win32-messaging-privileges(9979)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9979.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging 
System to bypass the VNC GUI and access the \"Add new clients\" dialogue box." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5530" + }, + { + "name": "vnc-win32-messaging-privileges(9979)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9979.php" + }, + { + "name": "20020821 Win32 API 'shatter' vulnerability found in VNC-based products", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102994289123085&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1057.json b/2002/1xxx/CVE-2002-1057.json index bd3e22ab7c4..978594c6e01 100644 --- a/2002/1xxx/CVE-2002-1057.json +++ b/2002/1xxx/CVE-2002-1057.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020723 MailMax security advisory/exploit/patch", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0245.html" - }, - { - "name" : "5285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5285" - }, - { - "name" : "mailmax-pop3max-user-bo(9651)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9651.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mailmax-pop3max-user-bo(9651)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9651.php" + }, + { + "name": "5285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5285" + }, + { + "name": "20020723 MailMax security advisory/exploit/patch", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0245.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1099.json b/2002/1xxx/CVE-2002-1099.json index 8d2421131d7..afe04db9cec 100644 --- a/2002/1xxx/CVE-2002-1099.json +++ b/2002/1xxx/CVE-2002-1099.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" - }, - { - "name" : "cisco-vpn-web-access(10024)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10024.php" - }, - { - "name" : "5616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly 
accessing certain HTML pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" + }, + { + "name": "5616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5616" + }, + { + "name": "cisco-vpn-web-access(10024)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10024.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1680.json b/2002/1xxx/CVE-2002-1680.json index 57377910b22..5b4dc553e24 100644 --- a/2002/1xxx/CVE-2002-1680.json +++ b/2002/1xxx/CVE-2002-1680.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020121 Security holes in COWS (CGI Online Worldweb Shopping)", - "refsource" : "VULN-DEV", - "url" : "http://online.securityfocus.com/archive/82/251570" - }, - { - "name" : "3921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3921" - }, - { - "name" : "3914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3914" - }, - { - "name" : "cows-cgi-css(7986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability 
in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3921" + }, + { + "name": "cows-cgi-css(7986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7986" + }, + { + "name": "3914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3914" + }, + { + "name": "20020121 Security holes in COWS (CGI Online Worldweb Shopping)", + "refsource": "VULN-DEV", + "url": "http://online.securityfocus.com/archive/82/251570" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1821.json b/2002/1xxx/CVE-2002-1821.json index 804f9921a80..268abef9591 100644 --- a/2002/1xxx/CVE-2002-1821.json +++ b/2002/1xxx/CVE-2002-1821.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5666" - }, - { - "name" : "1005198", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1005198", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005198" + }, + { + "name": "5666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5666" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2088.json b/2002/2xxx/CVE-2002-2088.json index ec55a8e8b21..e2d7feba89b 100644 --- a/2002/2xxx/CVE-2002-2088.json +++ b/2002/2xxx/CVE-2002-2088.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020423 Denial of Service in Mosix 1.5.x", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0327.html" - }, - { - "name" : "4581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4581" - }, - { - "name" : "mosix-clumpos-blank-password(8928)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8928.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4581" + }, + { + "name": "20020423 Denial of Service in Mosix 1.5.x", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0327.html" + }, + { + "name": "mosix-clumpos-blank-password(8928)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8928.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2177.json b/2002/2xxx/CVE-2002-2177.json index 431fa2da1d1..78a390213ee 100644 --- a/2002/2xxx/CVE-2002-2177.json +++ b/2002/2xxx/CVE-2002-2177.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA02-20.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/38" - }, - { - "name" : "weblogic-http-response-information(10221)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10221.php" - }, - { - "name" : "5819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP 
requests, which could allow remote attackers to obtain sensitive information that was intended for other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA02-20.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/38" + }, + { + "name": "weblogic-http-response-information(10221)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10221.php" + }, + { + "name": "5819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5819" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0139.json b/2003/0xxx/CVE-2003-0139.json index 7d240ebfbfb..7f694164ab9 100644 --- a/2003/0xxx/CVE-2003-0139.json +++ b/2003/0xxx/CVE-2003-0139.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and \"ticket splicing.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104791775804776&w=2" - }, - { - "name" : "20030330 GLSA: openafs (200303-26)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/317130/30/25250/threaded" - }, - { - "name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded" - }, - { - "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt", - "refsource" : "CONFIRM", - "url" : 
"http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt" - }, - { - "name" : "DSA-266", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-266" - }, - { - "name" : "DSA-273", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-273" - }, - { - "name" : "RHSA-2003:051", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html" - }, - { - "name" : "RHSA-2003:052", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html" - }, - { - "name" : "RHSA-2003:091", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html" - }, - { - "name" : "VU#442569", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/442569" - }, - { - "name" : "oval:org.mitre.oval:def:250", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and \"ticket splicing.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:052", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html" + }, + { + "name": "20030331 GLSA: krb5 & mit-krb5 (200303-28)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded" + }, + { + "name": "VU#442569", + "refsource": "CERT-VN", + "url": 
"http://www.kb.cert.org/vuls/id/442569" + }, + { + "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt" + }, + { + "name": "RHSA-2003:091", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-091.html" + }, + { + "name": "DSA-273", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-273" + }, + { + "name": "oval:org.mitre.oval:def:250", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250" + }, + { + "name": "RHSA-2003:051", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html" + }, + { + "name": "20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104791775804776&w=2" + }, + { + "name": "DSA-266", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-266" + }, + { + "name": "20030330 GLSA: openafs (200303-26)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/317130/30/25250/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0217.json b/2003/0xxx/CVE-2003-0217.json index bfe0a2233f1..24e51dbe9bd 100644 --- a/2003/0xxx/CVE-2003-0217.json +++ b/2003/0xxx/CVE-2003-0217.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030513 XSS In Neoteris IVE Allows Session Hijacking", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105283833617480&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030513 XSS In Neoteris IVE Allows Session Hijacking", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105283833617480&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0228.json b/2003/0xxx/CVE-2003-0228.json index ab4273d4738..fbda540a3cb 100644 --- a/2003/0xxx/CVE-2003-0228.json +++ b/2003/0xxx/CVE-2003-0228.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030507 Windows Media Player directory traversal vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105232913516488&w=2" - }, - { - "name" : "20030507 Windows Media Player directory traversal vulnerability", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=105233960728901&w=2" - }, - { - "name" : "20030508 why i love xs4all + mediaplayer thingie", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105240528419389&w=2" - }, - { - "name" : "MS03-017", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-017" - }, - { - "name" : "VU#384932", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/384932" - }, - { - "name" : "7517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7517" - }, - { - "name" : "oval:org.mitre.oval:def:321", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A321" - }, - { - "name" : "mediaplayer-skin-code-execution(11953)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030507 Windows Media Player directory traversal vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105232913516488&w=2" + }, + { + "name": "7517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7517" + }, + { + "name": "20030507 Windows Media Player directory traversal vulnerability", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=105233960728901&w=2" + }, + { + "name": "mediaplayer-skin-code-execution(11953)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11953" + }, + { + "name": "oval:org.mitre.oval:def:321", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A321" + }, + { + "name": "VU#384932", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/384932" + }, + { + "name": "20030508 why i love xs4all + mediaplayer thingie", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105240528419389&w=2" + }, + { + "name": "MS03-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-017" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0270.json b/2003/0xxx/CVE-2003-0270.json index 01fb27f6c5e..8396b98e4dd 100644 --- a/2003/0xxx/CVE-2003-0270.json +++ b/2003/0xxx/CVE-2003-0270.json 
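Review bot: The `reference_data` array in CVE-2003-0228 comes back in a new order that is not sorted by `name`, `refsource` or `url`, although the same eight entries appear on both sides. Without a stable order, every regeneration reshuffles the list, and a reviewer cannot tell a reorder from an added or dropped advisory link without comparing the two sets by hand. Emitting the references sorted on a fixed key (for example `refsource`, then `name`) would keep later diffs down to real changes. The CVE-2003-0270 hunk reorders its references the same way, and each rewritten file now ends with `\ No newline at end of file`, so the writer should also restore the trailing newline.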
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A051203-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a051203-1.txt" - }, - { - "name" : "7554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7554" - }, - { - "name" : "1006742", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1006742" - }, - { - "name" : "8773", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8773" - }, - { - "name" : "airport-auth-credentials-disclosure(11980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "airport-auth-credentials-disclosure(11980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980" + }, + { + "name": "8773", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8773" + }, + { + "name": "1006742", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1006742" + }, + { + "name": "7554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7554" + }, + { + "name": "A051203-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a051203-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0128.json b/2012/0xxx/CVE-2012-0128.json index ba6f8e14f15..4c404b19294 100644 --- a/2012/0xxx/CVE-2012-0128.json +++ b/2012/0xxx/CVE-2012-0128.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-0128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02759", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/522176" - }, - { - "name" : "SSRT100817", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/522176" - }, - { - "name" : "52862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52862" - }, - { - "name" : "1026889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026889" - }, - { - "name" : "hpoa-unspecified-open-redirect(74575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP 
Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100817", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/522176" + }, + { + "name": "hpoa-unspecified-open-redirect(74575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74575" + }, + { + "name": "1026889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026889" + }, + { + "name": "52862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52862" + }, + { + "name": "HPSBMU02759", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/522176" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0320.json b/2012/0xxx/CVE-2012-0320.json index eebd7e77f71..3204569bdf6 100644 --- a/2012/0xxx/CVE-2012-0320.json +++ b/2012/0xxx/CVE-2012-0320.json 
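Review bot: The `ASSIGNER` value in CVE-2012-0128 changes from `cve@mitre.org` to `hp-security-alert@hp.com` inside a hunk that otherwise only re-indents the record and reorders its references, so the one field that changes meaning is easy to miss. The same pattern appears in the hunks for CVE-2012-0320, CVE-2012-0761, CVE-2012-0959, CVE-2012-1361, CVE-2012-3498 and CVE-2012-3657, each moving to a different vendor or coordinator address. If downstream tooling uses `ASSIGNER` to attribute or filter records by CNA (an assumption, as no consumer is visible here), this is a provenance change rather than a formatting one. It would be easier to audit as its own commit, separate from the whitespace pass, with a message that names the source of the new values.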
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-0320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html", - "refsource" : "CONFIRM", - "url" : "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html" - }, - { - "name" : "http://www.movabletype.org/documentation/appendices/release-notes/513.html", - "refsource" : "CONFIRM", - "url" : "http://www.movabletype.org/documentation/appendices/release-notes/513.html" - }, - { - "name" : "DSA-2423", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2423" - }, - { - "name" : "JVN#20083397", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN20083397/index.html" - }, - { - "name" : "JVNDB-2012-000018", - "refsource" : 
"JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018" - }, - { - "name" : "52138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52138" - }, - { - "name" : "1026738", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html", + "refsource": "CONFIRM", + "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html" + }, + { + "name": "JVN#20083397", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN20083397/index.html" + }, + { + "name": "52138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52138" + }, + { + "name": "DSA-2423", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2423" + }, + { + "name": "1026738", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026738" + }, + { + "name": "http://www.movabletype.org/documentation/appendices/release-notes/513.html", + "refsource": "CONFIRM", + "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html" + }, + { + "name": "JVNDB-2012-000018", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0761.json b/2012/0xxx/CVE-2012-0761.json index 04d0e7901cc..5292540a41d 100644 
--- a/2012/0xxx/CVE-2012-0761.json +++ b/2012/0xxx/CVE-2012-0761.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html" - }, - { - "name" : "52001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52001" - }, - { - "name" : "79241", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79241" - }, - { - "name" : "adobe-shockwave-3d-code-exec(73174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "79241", + "refsource": "OSVDB", + "url": "http://osvdb.org/79241" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-02.html" + }, + { + "name": "adobe-shockwave-3d-code-exec(73174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73174" + }, + { + "name": "52001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52001" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0959.json b/2012/0xxx/CVE-2012-0959.json index 7326f7ad210..b0913a18251 100644 --- a/2012/0xxx/CVE-2012-0959.json +++ b/2012/0xxx/CVE-2012-0959.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2012-0959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/remote-login-service/%2Bbug/1070896", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/remote-login-service/%2Bbug/1070896" - }, - { - "name" : "USN-1624-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1624-1" - }, - { - "name" : "remote-login-info-disc(80278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain 
login credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/remote-login-service/%2Bbug/1070896", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/remote-login-service/%2Bbug/1070896" + }, + { + "name": "USN-1624-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1624-1" + }, + { + "name": "remote-login-info-disc(80278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80278" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1361.json b/2012/1xxx/CVE-2012-1361.json index b4f1707e46a..c59561c64c9 100644 --- a/2012/1xxx/CVE-2012-1361.json +++ b/2012/1xxx/CVE-2012-1361.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-1361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-3TCAVS.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-3TCAVS.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-3TCAVS.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-3TCAVS.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3498.json b/2012/3xxx/CVE-2012-3498.json index 6553f33ee64..55d91135f17 100644 --- a/2012/3xxx/CVE-2012-3498.json +++ b/2012/3xxx/CVE-2012-3498.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-announce] 20120905 Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html" - }, - { - "name" : "[oss-security] 20120905 Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/05/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=851193", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851193" - }, - { - "name" : 
"http://support.citrix.com/article/CTX134708", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX134708" - }, - { - "name" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-16_PHYSDEVOP_map_pirq_index_vulnerability", - "refsource" : "CONFIRM", - "url" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-16_PHYSDEVOP_map_pirq_index_vulnerability" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "GLSA-201604-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-03" - }, - { - "name" : "openSUSE-SU-2012:1172", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" - }, - { - "name" : "SUSE-SU-2012:1132", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html" - }, - { - "name" : "SUSE-SU-2012:1133", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html" - }, - { - "name" : "openSUSE-SU-2012:1572", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" - }, - { - "name" : "55414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55414" - }, - { - "name" : "85198", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85198" - }, - { - "name" : "1027483", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1027483" - }, - { - "name" : "50472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50472" - }, - { - "name" : "50530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50530" - }, - { - "name" : "51413", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/51413" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - }, - { - "name" : "xen-physdevopmappirq-dos(78269)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "50530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50530" + }, + { + "name": "51413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51413" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "55414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55414" + }, + { + "name": "http://wiki.xen.org/wiki/Security_Announcements#XSA-16_PHYSDEVOP_map_pirq_index_vulnerability", + "refsource": "CONFIRM", + "url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-16_PHYSDEVOP_map_pirq_index_vulnerability" + }, + { + "name": "openSUSE-SU-2012:1572", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" + }, + { + "name": "50472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50472" + }, + { + "name": "[Xen-announce] 20120905 Xen Security Advisory 16 
(CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html" + }, + { + "name": "85198", + "refsource": "OSVDB", + "url": "http://osvdb.org/85198" + }, + { + "name": "GLSA-201604-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-03" + }, + { + "name": "xen-physdevopmappirq-dos(78269)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78269" + }, + { + "name": "SUSE-SU-2012:1132", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html" + }, + { + "name": "http://support.citrix.com/article/CTX134708", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX134708" + }, + { + "name": "SUSE-SU-2012:1133", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html" + }, + { + "name": "openSUSE-SU-2012:1573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" + }, + { + "name": "[oss-security] 20120905 Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/05/9" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=851193", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851193" + }, + { + "name": "openSUSE-SU-2012:1172", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" + }, + { + "name": "1027483", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1027483" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3657.json b/2012/3xxx/CVE-2012-3657.json index 5d0301397e4..32fb699cbaf 100644 --- a/2012/3xxx/CVE-2012-3657.json +++ b/2012/3xxx/CVE-2012-3657.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85416", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85416" - }, - { - "name" : "oval:org.mitre.oval:def:16891", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16891" - }, - { - "name" : "apple-itunes-webkit-cve20123657(78528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "oval:org.mitre.oval:def:16891", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16891" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "apple-itunes-webkit-cve20123657(78528)", + 
"refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78528" + }, + { + "name": "85416", + "refsource": "OSVDB", + "url": "http://osvdb.org/85416" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3910.json b/2012/3xxx/CVE-2012-3910.json index e60aa4617ef..aab9f0849d5 100644 --- a/2012/3xxx/CVE-2012-3910.json +++ b/2012/3xxx/CVE-2012-3910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3955.json b/2012/3xxx/CVE-2012-3955.json index 9fa7adda93b..66ba26d4740 100644 --- a/2012/3xxx/CVE-2012-3955.json +++ b/2012/3xxx/CVE-2012-3955.json 
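Review bot: The only semantic change in the CVE-2012-3657 hunk, `"ASSIGNER": "product-security@apple.com",` replacing `cve@mitre.org` in `CVE_data_meta`, is buried in a whole-file rewrite that also changes key spacing and indentation and reorders `reference_data`. The CVE-2012-4493 and CVE-2012-4607 hunks do the same with `secalert@redhat.com` and `security_alert@emc.com`. ASSIGNER names who assigned the record, so a change to it should be reviewable on its own; landing the whitespace normalisation as a separate commit would leave a one-line diff per record. The eight reference entries are the same as before but in a different order, which forces an entry-by-entry comparison to confirm that none was dropped or had its `url` altered; keeping the existing order, or a stable sort on `refsource` and `name`, would avoid that. The new side also ends at `}` with no trailing newline, where the old side had one.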
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.isc.org/article/AA-00779", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-00779" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of" - }, - { - "name" : "DSA-2551", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2551" - }, - { - "name" : "FEDORA-2012-13910", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html" - }, - { - "name" : "FEDORA-2012-14076", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html" - }, - { - "name" : "FEDORA-2012-14149", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html" - }, - { - "name" : "GLSA-201301-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201301-06.xml" - }, - { - "name" : "MDVSA-2012:153", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153" - }, - { - "name" : "RHSA-2013:0504", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0504.html" - }, - { - "name" : "openSUSE-SU-2012:1234", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html" - }, - { - "name" : "openSUSE-SU-2012:1252", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html" - }, - { - "name" : "openSUSE-SU-2012:1254", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html" - }, - { - "name" : "USN-1571-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1571-1" - }, - { - "name" : "55530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55530" - }, - { - "name" : "1027528", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027528" - }, - { - "name" : "51318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-14149", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html" + }, + { + "name": "openSUSE-SU-2012:1252", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html" + }, + { + "name": "USN-1571-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1571-1" + }, + { + "name": "openSUSE-SU-2012:1234", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html" + }, + { + "name": "DSA-2551", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2551" + }, + { + "name": "51318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51318" + }, + { + "name": "MDVSA-2012:153", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:153" + }, + { + "name": "FEDORA-2012-13910", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html" + }, + { + "name": "55530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55530" + }, + { + "name": "FEDORA-2012-14076", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html" + }, + { + "name": "RHSA-2013:0504", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0504.html" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3955_denial_of" + }, + { + "name": "openSUSE-SU-2012:1254", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html" + }, + { + "name": "GLSA-201301-06", + 
"refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" + }, + { + "name": "https://kb.isc.org/article/AA-00779", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-00779" + }, + { + "name": "1027528", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027528" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4493.json b/2012/4xxx/CVE-2012-4493.json index 1ff93123de3..3b8fbe833d4 100644 --- a/2012/4xxx/CVE-2012-4493.json +++ b/2012/4xxx/CVE-2012-4493.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the \"administer better revisions\" permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6" - }, - { - "name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1" - }, - { - "name" : "http://drupal.org/node/1719402", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1719402" - }, - { - "name" : "http://drupal.org/node/1713378", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1713378" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the \"administer better revisions\" permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6" + }, + { + "name": "http://drupal.org/node/1713378", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1713378" + }, + { + "name": "http://drupal.org/node/1719402", + "refsource": "MISC", + "url": "http://drupal.org/node/1719402" + }, + { + "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4607.json b/2012/4xxx/CVE-2012-4607.json index 5b1ad3c2944..dbbe83f6bb3 100644 --- a/2012/4xxx/CVE-2012-4607.json +++ b/2012/4xxx/CVE-2012-4607.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-4607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130107 ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0029.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130107 ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0029.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4968.json b/2012/4xxx/CVE-2012-4968.json index f88241e9fe1..71ad48a810c 100644 --- a/2012/4xxx/CVE-2012-4968.json +++ b/2012/4xxx/CVE-2012-4968.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/1" - }, - { - "name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3" - }, - { - "name" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13" - }, - { - "name" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7" - }, - { - "name" : "https://github.com/silverstripe/sapphire/commit/0085876", - "refsource" : "CONFIRM", - "url" : "https://github.com/silverstripe/sapphire/commit/0085876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) 
LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7" + }, + { + "name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/1" + }, + { + "name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/3" + }, + { + "name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13" + }, + { + "name": "https://github.com/silverstripe/sapphire/commit/0085876", + "refsource": "CONFIRM", + "url": "https://github.com/silverstripe/sapphire/commit/0085876" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2135.json b/2017/2xxx/CVE-2017-2135.json index e4deafb6ef3..6ca563a13a3 100644 --- a/2017/2xxx/CVE-2017-2135.json +++ b/2017/2xxx/CVE-2017-2135.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WP Statistics", - "version" : { - "version_data" : [ - { - "version_value" : "version 12.0.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "WP Statistics" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP Statistics", + "version": { + "version_data": [ + { + "version_value": "version 12.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "WP Statistics" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wp-statistics.com/change-log/", - "refsource" : "MISC", - "url" : "https://wp-statistics.com/change-log/" - }, - { - "name" : "JVN#17633442", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN17633442/index.html" - }, - { - "name" : "98610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or 
HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wp-statistics.com/change-log/", + "refsource": "MISC", + "url": "https://wp-statistics.com/change-log/" + }, + { + "name": "JVN#17633442", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN17633442/index.html" + }, + { + "name": "98610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98610" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2136.json b/2017/2xxx/CVE-2017-2136.json index 43aa162a9f2..1eb4e865803 100644 --- a/2017/2xxx/CVE-2017-2136.json +++ b/2017/2xxx/CVE-2017-2136.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WP Statistics", - "version" : { - "version_data" : [ - { - "version_value" : "version 12.0.4 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "WP Statistics" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WP Statistics", + "version": { + "version_data": [ + { + "version_value": "version 12.0.4 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "WP Statistics" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wp-statistics.com/change-log/", - "refsource" : "MISC", - "url" : "https://wp-statistics.com/change-log/" - }, - { - "name" : "JVN#62392065", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN62392065/index.html" - }, - { - "name" : "97289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject 
arbitrary web script or HTML via specially crafted HTTP Referer headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wp-statistics.com/change-log/", + "refsource": "MISC", + "url": "https://wp-statistics.com/change-log/" + }, + { + "name": "97289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97289" + }, + { + "name": "JVN#62392065", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN62392065/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2297.json b/2017/2xxx/CVE-2017-2297.json index 6b4338cf554..305b3a65f26 100644 --- a/2017/2xxx/CVE-2017-2297.json +++ b/2017/2xxx/CVE-2017-2297.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@puppet.com", - "DATE_PUBLIC" : "2018-02-01T00:00:00", - "ID" : "CVE-2017-2297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Puppet Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "2016.4.x prior to 2016.4.5, 2016.5.x, 2017.1.x" - } - ] - } - } - ] - }, - "vendor_name" : "Puppet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@puppet.com", + "DATE_PUBLIC": "2018-02-01T00:00:00", + "ID": "CVE-2017-2297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Puppet Enterprise", + "version": { + "version_data": [ + { + "version_value": "2016.4.x prior to 2016.4.5, 2016.5.x, 2017.1.x" + } + ] + } + } + ] + }, + "vendor_name": "Puppet" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://puppet.com/security/cve/cve-2017-2297", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2017-2297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users 
before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/cve-2017-2297", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2017-2297" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2753.json b/2017/2xxx/CVE-2017-2753.json index d945ddf868d..44485159445 100644 --- a/2017/2xxx/CVE-2017-2753.json +++ b/2017/2xxx/CVE-2017-2753.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2753", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2753", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2832.json b/2017/2xxx/CVE-2017-2832.json index a41d2226c20..931de5097db 100644 --- a/2017/2xxx/CVE-2017-2832.json +++ b/2017/2xxx/CVE-2017-2832.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-06-19T00:00:00", - "ID" : "CVE-2017-2832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Indoor IP Camera", - "version" : { - "version_data" : [ - { - "version_value" : "C1 Series" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-06-19T00:00:00", + "ID": "CVE-2017-2832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Indoor IP Camera", + "version": { + "version_data": [ + { + "version_value": "C1 Series" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0335", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0335" - }, - { - "name" : "99184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99184" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0335", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0335" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6223.json b/2017/6xxx/CVE-2017-6223.json index 0d8cb8c1ce7..5b1c7eae002 100644 --- a/2017/6xxx/CVE-2017-6223.json +++ b/2017/6xxx/CVE-2017-6223.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "DATE_PUBLIC" : "2017-09-27T00:00:00", - "ID" : "CVE-2017-6223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Zone Director Controller Firmware", - "version" : { - "version_data" : [ - { - "version_value" : "ZD9.9.x" - }, - { - "version_value" : "ZD9.10.x" - }, - { - "version_value" : "ZD9.13.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Brocade Communications Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authenticated Root Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "DATE_PUBLIC": "2017-09-27T00:00:00", + "ID": "CVE-2017-6223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zone Director Controller Firmware", + "version": { + "version_data": [ + { + "version_value": "ZD9.9.x" + }, + { + "version_value": "ZD9.10.x" + }, + { + "version_value": "ZD9.13.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Brocade Communications Systems, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt", - "refsource" : "CONFIRM", - "url" : "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authenticated Root Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt", + "refsource": "CONFIRM", + "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-092917.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6244.json b/2017/6xxx/CVE-2017-6244.json index 5b9081098d0..1077c327b04 100644 --- a/2017/6xxx/CVE-2017-6244.json +++ b/2017/6xxx/CVE-2017-6244.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7099.json b/2017/7xxx/CVE-2017-7099.json index 6fe64e092b5..b32628ae814 100644 --- a/2017/7xxx/CVE-2017-7099.json +++ b/2017/7xxx/CVE-2017-7099.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208116" - }, - { - "name" : "https://support.apple.com/HT208141", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT208141" - }, - { - "name" : "https://support.apple.com/HT208142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208142" - }, - { - "name" : "100998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100998" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - }, - { - "name" : "1039428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208141" + }, + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "https://support.apple.com/HT208142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208142" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "1039428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039428" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + }, + { + "name": "100998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100998" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7421.json b/2017/7xxx/CVE-2017-7421.json index 95c5f0711f9..7e3c980e789 100644 --- a/2017/7xxx/CVE-2017-7421.json +++ b/2017/7xxx/CVE-2017-7421.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2017-08-19T00:00:00", - "ID" : "CVE-2017-7421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Micro Focus Enterprise Developer, Micro Focus Enterprise Server", - "version" : { - "version_data" : [ - { - "version_value" : "All versions before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-08-19T00:00:00", + "ID": "CVE-2017-7421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Micro Focus Enterprise Developer, Micro Focus Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "All versions before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017", - "refsource" : "MISC", - "url" : "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017", + "refsource": "MISC", + "url": "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7645.json b/2017/7xxx/CVE-2017-7645.json index f0291bc0480..2c28e5e808e 100644 --- a/2017/7xxx/CVE-2017-7645.json +++ b/2017/7xxx/CVE-2017-7645.json 
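Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2017-7421 changes from `security@microfocus.com` to `security@suse.com`, while the rest of this hunk appears to be whitespace normalization only. `vendor_name` stays `Micro Focus` and the single reference still points to community.microfocus.com, so the record now names an assigner that nothing else in it corroborates. If the reassignment is intended, it is a provenance change that consumers keying on `ASSIGNER` will see, and it belongs in its own commit or at least in the commit message; if not, the line should remain `"ASSIGNER": "security@microfocus.com"`. The CVE-2018-10933 hunk, which continues past the visible part of the diff, does the same with `sfowler@redhat.com` becoming `secalert@redhat.com`. Separately, the rewritten files here end with `\ No newline at end of file`; keeping the trailing newline avoids a spurious last-line change on the next edit.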
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://marc.info/?l=linux-nfs&m=149218228327497&w=2", - "refsource" : "MISC", - "url" : "https://marc.info/?l=linux-nfs&m=149218228327497&w=2" - }, - { - "name" : "https://marc.info/?l=linux-nfs&m=149247516212924&w=2", - "refsource" : "MISC", - "url" : "https://marc.info/?l=linux-nfs&m=149247516212924&w=2" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "DSA-3886", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3886" - }, - { - "name" : "RHSA-2017:1615", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1615" - }, - { - "name" : "RHSA-2017:1616", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1616" - }, - { - "name" : "RHSA-2017:1647", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1647" - }, - { - "name" : "RHSA-2018:1319", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1319" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "97950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://marc.info/?l=linux-nfs&m=149247516212924&w=2", + "refsource": "MISC", + "url": "https://marc.info/?l=linux-nfs&m=149247516212924&w=2" + }, + { + "name": "RHSA-2017:1615", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1615" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "RHSA-2017:1647", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1647" + }, + { + "name": "RHSA-2017:1616", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1616" + }, + { + "name": "RHSA-2018:1319", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1319" + }, + { + "name": "https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "97950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97950" + }, + { + "name": "https://marc.info/?l=linux-nfs&m=149218228327497&w=2", + "refsource": "MISC", + "url": "https://marc.info/?l=linux-nfs&m=149218228327497&w=2" + }, + { + "name": "DSA-3886", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3886" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e", + "refsource": "CONFIRM", + "url": 
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7807.json b/2017/7xxx/CVE-2017-7807.json index de474ecbada..98721029959 100644 --- a/2017/7xxx/CVE-2017-7807.json +++ b/2017/7xxx/CVE-2017-7807.json 
@@ -1,135 +1,135 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "55" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Domain hijacking through AppCache fallback" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "55" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1376459", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1376459" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-19/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-19/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-20/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-20/" - }, - { - "name" : "DSA-3928", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3928" - }, - { - "name" : "DSA-3968", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3968" - }, - { - "name" : "GLSA-201803-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201803-14" - }, - { - "name" : "RHSA-2017:2456", - "refsource" : "REDHAT", - 
"url" : "https://access.redhat.com/errata/RHSA-2017:2456" - }, - { - "name" : "RHSA-2017:2534", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2534" - }, - { - "name" : "100242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100242" - }, - { - "name" : "1039124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Domain hijacking through AppCache fallback" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-19/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-19/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-20/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-20/" + }, + { + "name": "DSA-3968", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3968" + }, + { + "name": "100242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100242" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-18/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-18/" + }, + { + "name": "RHSA-2017:2456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2456" + }, + { + "name": "RHSA-2017:2534", + "refsource": "REDHAT", 
+ "url": "https://access.redhat.com/errata/RHSA-2017:2534" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1376459", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1376459" + }, + { + "name": "1039124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039124" + }, + { + "name": "GLSA-201803-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201803-14" + }, + { + "name": "DSA-3928", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3928" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10299.json b/2018/10xxx/CVE-2018-10299.json index 0b6449042b3..abbfc0b447e 100644 --- a/2018/10xxx/CVE-2018-10299.json +++ b/2018/10xxx/CVE-2018-10299.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the \"batchOverflow\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://dasp.co/#item-3", - "refsource" : "MISC", - "url" : "https://dasp.co/#item-3" - }, - { - "name" : "https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30e", - "refsource" : "MISC", - "url" : "https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30e" - }, - { - "name" : "https://peckshield.com/2018/04/22/batchOverflow/", - "refsource" : "MISC", - "url" : 
"https://peckshield.com/2018/04/22/batchOverflow/" - }, - { - "name" : "https://support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-Withdrawal-and-Trading-Suspended", - "refsource" : "MISC", - "url" : "https://support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-Withdrawal-and-Trading-Suspended" - }, - { - "name" : "https://twitter.com/OKEx_/status/987967343983714304", - "refsource" : "MISC", - "url" : "https://twitter.com/OKEx_/status/987967343983714304" - }, - { - "name" : "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/", - "refsource" : "MISC", - "url" : "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the \"batchOverflow\" issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30e", + "refsource": "MISC", + "url": "https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30e" + }, + { + "name": "https://twitter.com/OKEx_/status/987967343983714304", + "refsource": "MISC", + "url": "https://twitter.com/OKEx_/status/987967343983714304" + }, + { + "name": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/", + "refsource": "MISC", + "url": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/" + }, + { + "name": "https://dasp.co/#item-3", + "refsource": "MISC", + "url": "https://dasp.co/#item-3" + }, + { + "name": "https://peckshield.com/2018/04/22/batchOverflow/", + "refsource": "MISC", + "url": "https://peckshield.com/2018/04/22/batchOverflow/" + }, + { + "name": "https://support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-Withdrawal-and-Trading-Suspended", + "refsource": "MISC", + "url": "https://support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-Withdrawal-and-Trading-Suspended" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10933.json b/2018/10xxx/CVE-2018-10933.json index 12213ce2fdd..a3aa583972b 100644 --- a/2018/10xxx/CVE-2018-10933.json +++ b/2018/10xxx/CVE-2018-10933.json 
@@ -1,125 +1,125 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-10933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libssh", - "version" : { - "version_data" : [ - { - "version_value" : "0.7.6" - }, - { - "version_value" : "0.8.4" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "9.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-592" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libssh", + "version": { + "version_data": [ + { + "version_value": "0.7.6" + }, + { + "version_value": "0.8.4" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45638", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45638/" - }, - { - "name" : "[debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933" - }, - { - "name" : "https://www.libssh.org/security/advisories/CVE-2018-10933.txt", - "refsource" : "CONFIRM", - "url" : "https://www.libssh.org/security/advisories/CVE-2018-10933.txt" - }, - { - "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016", - "refsource" : "CONFIRM", - "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "DSA-4322", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4322" - }, - { - "name" : "USN-3795-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3795-1/" - }, - { - "name" : "USN-3795-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3795-2/" - }, - { - "name" : "105677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "9.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-592" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3795-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3795-1/" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "USN-3795-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3795-2/" + }, + { + "name": "DSA-4322", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4322" + }, + { + "name": "45638", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45638/" + }, + { + "name": "https://www.libssh.org/security/advisories/CVE-2018-10933.txt", + "refsource": "CONFIRM", + "url": "https://www.libssh.org/security/advisories/CVE-2018-10933.txt" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933" + }, + { + "name": "105677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105677" + }, + { + "name": "[debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html" + }, + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No 
newline at end of file diff --git a/2018/14xxx/CVE-2018-14228.json b/2018/14xxx/CVE-2018-14228.json index 336f1f5e8f0..b533dc8c1b0 100644 --- a/2018/14xxx/CVE-2018-14228.json +++ b/2018/14xxx/CVE-2018-14228.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14228", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14228", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14390.json b/2018/14xxx/CVE-2018-14390.json index 77d8d12339d..126586330ef 100644 --- a/2018/14xxx/CVE-2018-14390.json +++ b/2018/14xxx/CVE-2018-14390.json 
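Review bot: The `vectorString` on the new side of the CVE-2018-10933 record still reads `9.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`, with the base score glued in front of the vector, so a consumer that validates the field against the CVSS v3.0 vector format (which begins at `CVSS:3.0/`) will reject or mis-parse it; the CVE-2018-14634 hunk has the same pattern with `7.8/CVSS:3.0/...`. Since this commit already normalises these records, I would change the value to `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"` and carry the score in a separate numeric field, named as the record schema in use defines it (the schema is not visible here). Separately, the problemtype keeps `CWE-592`, which as far as I know is a deprecated CWE entry, so tooling that maps CWE ids for triage may drop it; the assigner should confirm the intended replacement.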
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14445.json b/2018/14xxx/CVE-2018-14445.json index 83102c2b6af..a07fcca66bc 100644 --- a/2018/14xxx/CVE-2018-14445.json +++ b/2018/14xxx/CVE-2018-14445.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hac425.unaux.com/index.php/archives/62/", - "refsource" : "MISC", - "url" : "http://hac425.unaux.com/index.php/archives/62/" - }, - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/289", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hac425.unaux.com/index.php/archives/62/", + "refsource": "MISC", + "url": "http://hac425.unaux.com/index.php/archives/62/" + }, + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/289", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/289" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14634.json b/2018/14xxx/CVE-2018-14634.json index 046c95d2713..ca167fdb5fc 100644 --- a/2018/14xxx/CVE-2018-14634.json +++ b/2018/14xxx/CVE-2018-14634.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-14634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel", - "version" : { - "version_data" : [ - { - "version_value" : "2.6.x, 3.10.x, 4.14.x" - } - ] - } - } - ] - }, - "vendor_name" : "The Linux Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-190" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "2.6.x, 3.10.x, 4.14.x" + } + ] + } + } + ] + }, + "vendor_name": "The Linux Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45516", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45516/" - }, - { - "name" : "[oss-security] 20180925 Integer overflow in Linux's create_elf_tables() (CVE-2018-14634)", - "refsource" : "MLIST", - "url" : "https://www.openwall.com/lists/oss-security/2018/09/25/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190204-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190204-0002/" - }, - { - "name" : "RHSA-2018:2748", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2748" - }, - { - "name" : "RHSA-2018:2763", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2763" - }, - { - "name" : "RHSA-2018:2846", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2846" - }, - { - "name" : "RHSA-2018:2924", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2924" - }, - { - "name" : "RHSA-2018:2925", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2925" - }, - { - "name" : "RHSA-2018:2933", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2933" - }, - { - "name" : "RHSA-2018:3540", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3540" - }, - { - "name" : "RHSA-2018:3586", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3586" - }, - { - "name" : "RHSA-2018:3590", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3590" - }, - { - "name" : "RHSA-2018:3591", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3591" - }, - { - "name" : "RHSA-2018:3643", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3643" - }, - { - "name" : "USN-3775-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3775-2/" - }, - { - "name" : "USN-3779-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3779-1/" - }, - { - "name" : "USN-3775-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3775-1/" - }, - { - "name" : "105407", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/105407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3540", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3540" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190204-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190204-0002/" + }, + { + "name": "RHSA-2018:2925", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2925" + }, + { + "name": "RHSA-2018:3591", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3591" + }, + { + "name": "45516", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45516/" + }, + { + "name": "USN-3775-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3775-1/" + }, + { + "name": "RHSA-2018:2933", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2933" + }, + { + "name": "USN-3779-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3779-1/" + }, + { + "name": "RHSA-2018:2748", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2748" + }, + { + "name": "RHSA-2018:3590", + "refsource": "REDHAT", + 
"url": "https://access.redhat.com/errata/RHSA-2018:3590" + }, + { + "name": "USN-3775-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3775-2/" + }, + { + "name": "RHSA-2018:2763", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2763" + }, + { + "name": "105407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105407" + }, + { + "name": "RHSA-2018:2924", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2924" + }, + { + "name": "RHSA-2018:3586", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3586" + }, + { + "name": "RHSA-2018:3643", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3643" + }, + { + "name": "RHSA-2018:2846", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2846" + }, + { + "name": "[oss-security] 20180925 Integer overflow in Linux's create_elf_tables() (CVE-2018-14634)", + "refsource": "MLIST", + "url": "https://www.openwall.com/lists/oss-security/2018/09/25/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14944.json b/2018/14xxx/CVE-2018-14944.json index 80695eee0ca..62723fb435f 100644 --- a/2018/14xxx/CVE-2018-14944.json +++ b/2018/14xxx/CVE-2018-14944.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fouzhe/security/tree/master/jpeg_encoder#segv-in-function-readfrombmp", - "refsource" : "MISC", - "url" : "https://github.com/fouzhe/security/tree/master/jpeg_encoder#segv-in-function-readfrombmp" - }, - { - "name" : "https://github.com/thejinchao/jpeg_encoder/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/thejinchao/jpeg_encoder/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/thejinchao/jpeg_encoder/issues/4", + "refsource": "MISC", + "url": "https://github.com/thejinchao/jpeg_encoder/issues/4" + }, + { + "name": "https://github.com/fouzhe/security/tree/master/jpeg_encoder#segv-in-function-readfrombmp", + "refsource": "MISC", + "url": "https://github.com/fouzhe/security/tree/master/jpeg_encoder#segv-in-function-readfrombmp" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15787.json b/2018/15xxx/CVE-2018-15787.json index 94bdb7cdfd2..fe0b3bea479 100644 --- a/2018/15xxx/CVE-2018-15787.json +++ b/2018/15xxx/CVE-2018-15787.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15787", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15787", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15909.json b/2018/15xxx/CVE-2018-15909.json index a670f7e3ec4..af7370a092d 100644 --- a/2018/15xxx/CVE-2018-15909.json +++ b/2018/15xxx/CVE-2018-15909.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6", - "refsource" : "MISC", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6" - }, - { - "name" : 
"https://www.kb.cert.org/vuls/id/332928", - "refsource" : "MISC", - "url" : "https://www.kb.cert.org/vuls/id/332928" - }, - { - "name" : "GLSA-201811-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-12" - }, - { - "name" : "RHSA-2018:3650", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3650" - }, - { - "name" : "USN-3768-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3768-1/" - }, - { - "name" : "105178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3650", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3650" + }, + { + "name": "GLSA-201811-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-12" + }, + { + "name": "USN-3768-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3768-1/" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6", + "refsource": "MISC", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6" + }, + { + "name": "105178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105178" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b", + "refsource": "MISC", + "url": 
"http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b" + }, + { + "name": "https://www.kb.cert.org/vuls/id/332928", + "refsource": "MISC", + "url": "https://www.kb.cert.org/vuls/id/332928" + }, + { + "name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20057.json b/2018/20xxx/CVE-2018-20057.json index 9383561eb56..a8bd908046d 100644 --- a/2018/20xxx/CVE-2018-20057.json +++ b/2018/20xxx/CVE-2018-20057.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20command%20execution.md", - "refsource" : "MISC", - "url" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20command%20execution.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20command%20execution.md", + "refsource": "MISC", + "url": "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20command%20execution.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20071.json b/2018/20xxx/CVE-2018-20071.json index 77f7e3ddce5..a63ad9cb4e3 100644 --- a/2018/20xxx/CVE-2018-20071.json +++ b/2018/20xxx/CVE-2018-20071.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-20071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "70.0.3538.67" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-20071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "70.0.3538.67" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/853937", - "refsource" : "MISC", - "url" : "https://crbug.com/853937" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficiently strict origin checks during JIT 
payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/853937", + "refsource": "MISC", + "url": "https://crbug.com/853937" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20576.json b/2018/20xxx/CVE-2018-20576.json index 5b10afe7077..c4fc1677e1c 100644 --- a/2018/20xxx/CVE-2018-20576.json +++ b/2018/20xxx/CVE-2018-20576.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20576",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20576",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://gbhackers.com/orange-adsl-modems/",
- "refsource" : "MISC",
- "url" : "https://gbhackers.com/orange-adsl-modems/"
- },
- {
- "name" : "https://github.com/zadewg/LIVEBOX-0DAY",
- "refsource" : "MISC",
- "url" : "https://github.com/zadewg/LIVEBOX-0DAY"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gbhackers.com/orange-adsl-modems/",
+ "refsource": "MISC",
+ "url": "https://gbhackers.com/orange-adsl-modems/"
+ },
+ {
+ "name": "https://github.com/zadewg/LIVEBOX-0DAY",
+ "refsource": "MISC",
+ "url": "https://github.com/zadewg/LIVEBOX-0DAY"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20772.json b/2018/20xxx/CVE-2018-20772.json
index bf13e57b893..20e04c3dc5f 100644
--- a/2018/20xxx/CVE-2018-20772.json
+++ b/2018/20xxx/CVE-2018-20772.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20772",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Frog CMS 0.9.5 allows PHP code execution via