From 95cead65598efc19dbeab74d8f00ed293b27e7ef Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:51:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0123.json | 140 +++++----- 2002/0xxx/CVE-2002-0667.json | 150 +++++------ 2002/1xxx/CVE-2002-1130.json | 34 +-- 2002/1xxx/CVE-2002-1333.json | 34 +-- 2002/1xxx/CVE-2002-1839.json | 140 +++++----- 2002/1xxx/CVE-2002-1896.json | 160 +++++------ 2002/1xxx/CVE-2002-1965.json | 140 +++++----- 2002/2xxx/CVE-2002-2154.json | 140 +++++----- 2003/0xxx/CVE-2003-0359.json | 120 ++++----- 2003/0xxx/CVE-2003-0470.json | 180 ++++++------- 2009/1xxx/CVE-2009-1040.json | 160 +++++------ 2009/1xxx/CVE-2009-1044.json | 470 ++++++++++++++++----------------- 2009/5xxx/CVE-2009-5024.json | 190 ++++++------- 2012/0xxx/CVE-2012-0259.json | 280 ++++++++++---------- 2012/0xxx/CVE-2012-0374.json | 34 +-- 2012/0xxx/CVE-2012-0387.json | 170 ++++++------ 2012/3xxx/CVE-2012-3433.json | 210 +++++++-------- 2012/3xxx/CVE-2012-3702.json | 190 ++++++------- 2012/3xxx/CVE-2012-3876.json | 34 +-- 2012/3xxx/CVE-2012-3928.json | 34 +-- 2012/4xxx/CVE-2012-4185.json | 280 ++++++++++---------- 2012/4xxx/CVE-2012-4441.json | 34 +-- 2012/4xxx/CVE-2012-4460.json | 150 +++++------ 2012/4xxx/CVE-2012-4635.json | 34 +-- 2012/4xxx/CVE-2012-4937.json | 150 +++++------ 2012/6xxx/CVE-2012-6274.json | 120 ++++----- 2012/6xxx/CVE-2012-6388.json | 34 +-- 2012/6xxx/CVE-2012-6403.json | 34 +-- 2017/2xxx/CVE-2017-2386.json | 170 ++++++------ 2017/2xxx/CVE-2017-2643.json | 140 +++++----- 2017/2xxx/CVE-2017-2891.json | 122 ++++----- 2017/6xxx/CVE-2017-6129.json | 138 +++++----- 2017/6xxx/CVE-2017-6140.json | 144 +++++----- 2017/6xxx/CVE-2017-6920.json | 142 +++++----- 2017/6xxx/CVE-2017-6983.json | 150 +++++------ 2017/7xxx/CVE-2017-7920.json | 140 +++++----- 2018/10xxx/CVE-2018-10277.json | 34 +-- 2018/14xxx/CVE-2018-14226.json | 34 +-- 2018/14xxx/CVE-2018-14385.json | 34 +-- 2018/14xxx/CVE-2018-14625.json | 220 +++++++-------- 2018/14xxx/CVE-2018-14762.json | 34 +-- 2018/15xxx/CVE-2018-15075.json | 34 +-- 2018/15xxx/CVE-2018-15527.json | 34 +-- 2018/15xxx/CVE-2018-15723.json | 122 ++++----- 2018/15xxx/CVE-2018-15733.json | 34 +-- 2018/15xxx/CVE-2018-15838.json | 34 +-- 2018/20xxx/CVE-2018-20727.json | 130 ++++----- 2018/9xxx/CVE-2018-9216.json | 34 +-- 2018/9xxx/CVE-2018-9253.json | 34 +-- 49 files changed, 2902 insertions(+), 2902 deletions(-) diff --git a/2002/0xxx/CVE-2002-0123.json b/2002/0xxx/CVE-2002-0123.json index 5bf3fb8b93a..0883f77b82e 100644 --- a/2002/0xxx/CVE-2002-0123.json +++ b/2002/0xxx/CVE-2002-0123.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/250242" - }, - { - "name" : "3874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3874" - }, - { - "name" : "ws4d-long-url-dos(7879)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7879.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ws4d-long-url-dos(7879)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7879.php" + }, + { + "name": "20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/250242" + }, + { + "name": "3874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3874" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0667.json b/2002/0xxx/CVE-2002-0667.json index 1b242998c35..ee21b952da3 100644 --- a/2002/0xxx/CVE-2002-0667.json +++ b/2002/0xxx/CVE-2002-0667.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A071202-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2002/a071202-1.txt" - }, - { - "name" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp" - }, - { - "name" : "5214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5214" - }, - { - "name" : "pingtel-xpressa-default-password(9562)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9562.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5214" + }, + { + "name": "pingtel-xpressa-default-password(9562)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9562.php" + }, + { + "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", + "refsource": "CONFIRM", + "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp" + }, + { + "name": "A071202-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1130.json b/2002/1xxx/CVE-2002-1130.json index 9869ca9cc1a..179832b249f 100644 --- a/2002/1xxx/CVE-2002-1130.json +++ b/2002/1xxx/CVE-2002-1130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1130", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1130", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1333.json b/2002/1xxx/CVE-2002-1333.json index 946641396eb..01c49186d48 100644 --- a/2002/1xxx/CVE-2002-1333.json +++ b/2002/1xxx/CVE-2002-1333.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1333", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1333", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1839.json b/2002/1xxx/CVE-2002-1839.json index 3d42d3f4e5e..f23c86f61ff 100644 --- a/2002/1xxx/CVE-2002-1839.json +++ b/2002/1xxx/CVE-2002-1839.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020524 TrendMicro Interscan VirusWall security problem", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/274144" - }, - { - "name" : "4830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4830" - }, - { - "name" : "interscan-viruswall-header-removal(9168)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9168.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "interscan-viruswall-header-removal(9168)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9168.php" + }, + { + "name": "4830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4830" + }, + { + "name": "20020524 TrendMicro Interscan VirusWall security problem", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/274144" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1896.json b/2002/1xxx/CVE-2002-1896.json index 8ff79bd8f77..3ad772bd0ae 100644 --- a/2002/1xxx/CVE-2002-1896.json +++ b/2002/1xxx/CVE-2002-1896.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020920 Alsasound local b0f (not an issue if not setuid root)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001730.html" - }, - { - "name" : "http://alsaplayer.org/changelog.php3", - "refsource" : "CONFIRM", - "url" : "http://alsaplayer.org/changelog.php3" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/alsaplayer/alsaplayer/app/Main.cpp.diff?r1=1.66&r2=1.67", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/alsaplayer/alsaplayer/app/Main.cpp.diff?r1=1.66&r2=1.67" - }, - { - "name" : "5767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5767" - }, - { - "name" : "alsaplayer-command-line-bo(10157)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10157.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5767" + }, + { + "name": "http://alsaplayer.org/changelog.php3", + "refsource": "CONFIRM", + "url": "http://alsaplayer.org/changelog.php3" + }, + { + "name": "alsaplayer-command-line-bo(10157)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10157.php" + }, + { + "name": "20020920 Alsasound local b0f (not an issue if not setuid root)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001730.html" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/alsaplayer/alsaplayer/app/Main.cpp.diff?r1=1.66&r2=1.67", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/alsaplayer/alsaplayer/app/Main.cpp.diff?r1=1.66&r2=1.67" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1965.json b/2002/1xxx/CVE-2002-1965.json index 29be0f3a6e4..91cd2dc911f 100644 --- a/2002/1xxx/CVE-2002-1965.json +++ b/2002/1xxx/CVE-2002-1965.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020614 ALERT: Xitami 2.5b5", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/277058" - }, - { - "name" : "20020627 Xitami 2.5 Beta Errors.gsl Script Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/279269" - }, - { - "name" : "5025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020627 Xitami 2.5 Beta Errors.gsl Script Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/279269" + }, + { + "name": "20020614 ALERT: Xitami 2.5b5", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/277058" + }, + { + "name": "5025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5025" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2154.json b/2002/2xxx/CVE-2002-2154.json index 8b64eef9560..1b7fd93beeb 100644 --- a/2002/2xxx/CVE-2002-2154.json +++ b/2002/2xxx/CVE-2002-2154.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020925 IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0298.html" - }, - { - "name" : "monkey-dotdot-directory-traversal(10188)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10188.php" - }, - { - "name" : "5792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5792" + }, + { + "name": "monkey-dotdot-directory-traversal(10188)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10188.php" + }, + { + "name": "20020925 IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0298.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0359.json b/2003/0xxx/CVE-2003-0359.json index 6a3e602cfb1..1bc54b00620 100644 --- a/2003/0xxx/CVE-2003-0359.json +++ b/2003/0xxx/CVE-2003-0359.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-316", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-316", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-316" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0470.json b/2003/0xxx/CVE-2003-0470.json index f644d9a94f0..5b4d3ef0378 100644 --- a/2003/0xxx/CVE-2003-0470.json +++ b/2003/0xxx/CVE-2003-0470.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the \"RuFSI Utility Class\" ActiveX control (aka \"RuFSI Registry Information Class\"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030622 Symantec ActiveX control buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006014.html" - }, - { - "name" : "20030624 [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105647537823877&w=2" - }, - { - "name" : "VU#527228", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/527228" - }, - { - "name" : "8008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8008" - }, - { - "name" : "1007029", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1007029" - }, - { - "name" : "9091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9091" - }, - { - "name" : "symantec-security-activex-bo(12423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the \"RuFSI Utility Class\" ActiveX control (aka \"RuFSI Registry Information Class\"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1007029", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1007029" + }, + { + "name": "8008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8008" + }, + { + "name": "20030624 [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105647537823877&w=2" + }, + { + "name": "9091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9091" + }, + { + "name": "symantec-security-activex-bo(12423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12423" + }, + { + "name": "20030622 Symantec ActiveX control buffer overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006014.html" + }, + { + "name": "VU#527228", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/527228" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1040.json b/2009/1xxx/CVE-2009-1040.json index a039e0cc156..1eb4fad7717 100644 --- a/2009/1xxx/CVE-2009-1040.json +++ b/2009/1xxx/CVE-2009-1040.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8224", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8224" - }, - { - "name" : "34132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34132" - }, - { - "name" : "52776", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52776" - }, - { - "name" : "34309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34309" - }, - { - "name" : "winasmstudio-wap-bo(49266)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "winasmstudio-wap-bo(49266)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49266" + }, + { + "name": "34132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34132" + }, + { + "name": "8224", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8224" + }, + { + "name": "52776", + "refsource": "OSVDB", + "url": "http://osvdb.org/52776" + }, + { + "name": "34309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34309" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1044.json b/2009/1xxx/CVE-2009-1044.json index 716b22a3863..bff4f7247b3 100644 --- a/2009/1xxx/CVE-2009-1044.json +++ b/2009/1xxx/CVE-2009-1044.json @@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090330 ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502303/100/0/threaded" - }, - { - "name" : "http://blogs.zdnet.com/security/?p=2934", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=2934" - }, - { - "name" : "http://blogs.zdnet.com/security/?p=2941", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=2941" - }, - { - "name" : "http://cansecwest.com/index.html", - "refsource" : "MISC", - "url" : "http://cansecwest.com/index.html" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits" - }, - { - "name" : "http://news.cnet.com/8301-1009_3-10199652-83.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-1009_3-10199652-83.html" - }, - { - "name" : "http://twitter.com/tippingpoint1/status/1351635812", - "refsource" : "MISC", - "url" : "http://twitter.com/tippingpoint1/status/1351635812" - }, - { - "name" : "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889", - "refsource" : "MISC", - "url" : "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-015", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-015" - }, - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-13.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=484320", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=484320" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm" - }, - { - "name" : "DSA-1756", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1756" - }, - { - "name" : "FEDORA-2009-3101", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" - }, - { - "name" : "FEDORA-2009-3099", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html" - }, - { - "name" : "FEDORA-2009-3100", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html" - }, - { - "name" : "MDVSA-2009:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084" - }, - { - "name" : "RHSA-2009:0397", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0397.html" - }, - { - "name" : "RHSA-2009:0398", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0398.html" - }, - { - "name" : "SUSE-SA:2009:022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html" - }, - { - "name" : "USN-745-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-745-1" - }, - { - "name" : "34181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34181" - }, - { - "name" : "52896", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52896" - }, - { - "name" : "oval:org.mitre.oval:def:11368", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368" - }, - { - "name" : "1021878", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021878" - }, - { - "name" : "34471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34471" - }, - { - "name" : "34527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34527" - }, - { - "name" : "34549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34549" - }, - { - "name" : "34550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34550" - }, - { - "name" : "34505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34505" - }, - { - "name" : "34510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34510" - }, - { - "name" : "34511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34511" - }, - { - "name" : "34521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34521" - }, - { - "name" : "34792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34792" - }, - { - "name" : "ADV-2009-0864", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021878", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021878" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits" + }, + { + "name": "http://twitter.com/tippingpoint1/status/1351635812", + "refsource": "MISC", + "url": "http://twitter.com/tippingpoint1/status/1351635812" + }, + { + "name": "34510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34510" + }, + { + "name": "FEDORA-2009-3101", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" + }, + { + "name": "34511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34511" + }, + { + "name": "MDVSA-2009:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084" + }, + { + "name": "RHSA-2009:0397", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0397.html" + }, + { + "name": "http://cansecwest.com/index.html", + "refsource": "MISC", + "url": "http://cansecwest.com/index.html" + }, + { + "name": "SUSE-SA:2009:022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html" + }, + { + "name": "34505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34505" + }, + { + "name": "34521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34521" + }, + { + "name": "RHSA-2009:0398", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0398.html" + }, + { + "name": "20090330 ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502303/100/0/threaded" + }, + { + "name": "34471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34471" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-13.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-13.html" + }, + { + "name": "USN-745-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-745-1" + }, + { + "name": "34527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34527" + }, + { + "name": "34181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34181" + }, + { + "name": "DSA-1756", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1756" + }, + { + "name": "34792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34792" + }, + { + "name": "http://news.cnet.com/8301-1009_3-10199652-83.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-1009_3-10199652-83.html" + }, + { + "name": "http://blogs.zdnet.com/security/?p=2934", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=2934" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-015", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-015" + }, + { + "name": "oval:org.mitre.oval:def:11368", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368" + }, + { + "name": "52896", + "refsource": "OSVDB", + "url": "http://osvdb.org/52896" + }, + { + "name": "ADV-2009-0864", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0864" + }, + { + "name": "FEDORA-2009-3100", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html" + }, + { + "name": "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889", + "refsource": "MISC", + "url": "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889" + }, + { + "name": "34549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34549" + }, + { + "name": "34550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34550" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009" + }, + { + "name": "FEDORA-2009-3099", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=484320", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=484320" + }, + { + "name": "http://blogs.zdnet.com/security/?p=2941", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=2941" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5024.json b/2009/5xxx/CVE-2009-5024.json index d8dc3f05c5e..15f995e0a6d 100644 --- a/2009/5xxx/CVE-2009-5024.json +++ b/2009/5xxx/CVE-2009-5024.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a \"query revision history\" request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-5024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110519 CVE Request: viewvc DoS", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/19/1" - }, - { - "name" : "[oss-security] 20110519 Re: CVE Request: viewvc DoS", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/19/9" - }, - { - "name" : "http://viewvc.tigris.org/issues/show_bug.cgi?id=433", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/issues/show_bug.cgi?id=433" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log#rev2547", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log#rev2547" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547" - }, - { - "name" : "DSA-2563", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2563" - }, - { - "name" : "47928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a \"query revision history\" request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47928" + }, + { + "name": "[oss-security] 20110519 Re: CVE Request: viewvc DoS", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/19/9" + }, + { + "name": "http://viewvc.tigris.org/issues/show_bug.cgi?id=433", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=433" + }, + { + "name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547" + }, + { + "name": "[oss-security] 20110519 CVE Request: viewvc DoS", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/19/1" + }, + { + "name": "DSA-2563", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2563" + }, + { + "name": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES" + }, + { + "name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log#rev2547", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log#rev2547" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0259.json b/2012/0xxx/CVE-2012-0259.json index 44ac2992feb..5cc0692a85c 100644 --- a/2012/0xxx/CVE-2012-0259.json +++ b/2012/0xxx/CVE-2012-0259.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-0259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cert.fi/en/reports/2012/vulnerability635606.html", - "refsource" : "MISC", - "url" : "http://www.cert.fi/en/reports/2012/vulnerability635606.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259" - }, - { - "name" : "http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629", - "refsource" : "CONFIRM", - "url" : "http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629" - }, - { - "name" : "DSA-2462", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2462" - }, - { - "name" : "RHSA-2012:0544", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0544.html" - }, - { - "name" : "openSUSE-SU-2012:0692", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html" - }, - { - "name" : "USN-1435-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1435-1" - }, - { - "name" : "52898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52898" - }, - { - "name" : "81021", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81021" - }, - { - "name" : "1027032", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027032" - }, - { - "name" : "48679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48679" - }, - { - "name" : "48974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48974" - }, - { - "name" : "49043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49043" - }, - { - "name" : "49063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49063" - }, - { - "name" : "49317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49317" - }, - { - "name" : "55035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55035" - }, - { - "name" : "imagemagick-jpegexif-dos(74657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55035" + }, + { + "name": "openSUSE-SU-2012:0692", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html" + }, + { + "name": "49043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49043" + }, + { + "name": "DSA-2462", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2462" + }, + { + "name": "49063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49063" + }, + { + "name": "imagemagick-jpegexif-dos(74657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74657" + }, + { + "name": "48679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48679" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259" + }, + { + "name": "52898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52898" + }, + { + "name": "RHSA-2012:0544", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0544.html" + }, + { + "name": "USN-1435-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1435-1" + }, + { + "name": "48974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48974" + }, + { + "name": "81021", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81021" + }, + { + "name": "49317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49317" + }, + { + "name": "http://www.cert.fi/en/reports/2012/vulnerability635606.html", + "refsource": "MISC", + "url": "http://www.cert.fi/en/reports/2012/vulnerability635606.html" + }, + { + "name": "1027032", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027032" + }, + { + "name": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629", + "refsource": "CONFIRM", + "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0374.json b/2012/0xxx/CVE-2012-0374.json index bf68c019092..1e1fc5eead3 100644 --- a/2012/0xxx/CVE-2012-0374.json +++ b/2012/0xxx/CVE-2012-0374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0387.json b/2012/0xxx/CVE-2012-0387.json index f8b302c29e2..d05386fd0f1 100644 --- a/2012/0xxx/CVE-2012-0387.json +++ b/2012/0xxx/CVE-2012-0387.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug ID CSCtq36153." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-0387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw" - }, - { - "name" : "52753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52753" - }, - { - "name" : "80697", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80697" - }, - { - "name" : "1026861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026861" - }, - { - "name" : "48608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48608" - }, - { - "name" : "ciscoios-inspectionengine-dos(74435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug ID CSCtq36153." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52753" + }, + { + "name": "20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw" + }, + { + "name": "ciscoios-inspectionengine-dos(74435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74435" + }, + { + "name": "48608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48608" + }, + { + "name": "1026861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026861" + }, + { + "name": "80697", + "refsource": "OSVDB", + "url": "http://osvdb.org/80697" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3433.json b/2012/3xxx/CVE-2012-3433.json index adb50888465..62cb39783a3 100644 --- a/2012/3xxx/CVE-2012-3433.json +++ b/2012/3xxx/CVE-2012-3433.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-devel] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy\tp2m host DoS", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html" - }, - { - "name" : "[oss-security] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/09/3" - }, - { - "name" : "DSA-2531", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2531" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "openSUSE-SU-2012:1172", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2012:1043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html" - }, - { - "name" : "SUSE-SU-2012:1044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html" - }, - { - "name" : "54942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54942" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2531", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2531" + }, + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "[oss-security] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/09/3" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "SUSE-SU-2012:1044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html" + }, + { + "name": "SUSE-SU-2012:1043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html" + }, + { + "name": "54942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54942" + }, + { + "name": "openSUSE-SU-2012:1174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" + }, + { + "name": "[Xen-devel] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy\tp2m host DoS", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html" + }, + { + "name": "openSUSE-SU-2012:1172", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3702.json b/2012/3xxx/CVE-2012-3702.json index be3d3057255..920e9820d51 100644 --- a/2012/3xxx/CVE-2012-3702.json +++ b/2012/3xxx/CVE-2012-3702.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85385", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85385" - }, - { - "name" : "oval:org.mitre.oval:def:17433", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17433" - }, - { - "name" : "apple-itunes-webkit-cve20123702(78522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "apple-itunes-webkit-cve20123702(78522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78522" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:17433", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17433" + }, + { + "name": "85385", + "refsource": "OSVDB", + "url": "http://osvdb.org/85385" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3876.json b/2012/3xxx/CVE-2012-3876.json index 91001a607e4..ea28086ca14 100644 --- a/2012/3xxx/CVE-2012-3876.json +++ b/2012/3xxx/CVE-2012-3876.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3876", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3876", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3928.json b/2012/3xxx/CVE-2012-3928.json index 43463dbb98b..cb519cddb0e 100644 --- a/2012/3xxx/CVE-2012-3928.json +++ b/2012/3xxx/CVE-2012-3928.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3928", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3928", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4185.json b/2012/4xxx/CVE-2012-4185.json index 026e1cc5df9..eb0c32eaa37 100644 --- a/2012/4xxx/CVE-2012-4185.json +++ b/2012/4xxx/CVE-2012-4185.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785753", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785753" - }, - { - "name" : "MDVSA-2012:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" - }, - { - "name" : "RHSA-2012:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html" - }, - { - "name" : "SUSE-SU-2012:1351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "56127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56127" - }, - { - "name" : "86116", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86116" - }, - { - "name" : "oval:org.mitre.oval:def:16009", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16009" - }, - { - "name" : "50856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50856" - }, - { - "name" : "50892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50892" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50935" - }, - { - "name" : "50936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50936" - }, - { - "name" : "50984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50984" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - }, - { - "name" : "firefox-nschartraitslength-bo(79162)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50984" + }, + { + "name": "50935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50935" + }, + { + "name": "50856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50856" + }, + { + "name": "oval:org.mitre.oval:def:16009", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16009" + }, + { + "name": "50892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50892" + }, + { + "name": "86116", + "refsource": "OSVDB", + "url": "http://osvdb.org/86116" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=785753", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785753" + }, + { + "name": "RHSA-2012:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html" + }, + { + "name": "50936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50936" + }, + { + "name": "firefox-nschartraitslength-bo(79162)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79162" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-86.html" + }, + { + "name": "56127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56127" + }, + { + "name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + { + "name": "SUSE-SU-2012:1351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" + }, + { + "name": "MDVSA-2012:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1611-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4441.json b/2012/4xxx/CVE-2012-4441.json index a70a79c5e65..c98cfaf8ebd 100644 --- a/2012/4xxx/CVE-2012-4441.json +++ b/2012/4xxx/CVE-2012-4441.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4441", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4441", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4460.json b/2012/4xxx/CVE-2012-4460.json index 6ff21965d9c..6e4a13e3cde 100644 --- a/2012/4xxx/CVE-2012-4460.json +++ b/2012/4xxx/CVE-2012-4460.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=861242", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=861242" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1453031", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1453031" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPID-4629", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/QPID-4629" - }, - { - "name" : "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861242", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861242" + }, + { + "name": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" + }, + { + "name": "https://issues.apache.org/jira/browse/QPID-4629", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/QPID-4629" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1453031", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1453031" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4635.json b/2012/4xxx/CVE-2012-4635.json index 5b79f06771f..5c3a7fc8476 100644 --- a/2012/4xxx/CVE-2012-4635.json +++ b/2012/4xxx/CVE-2012-4635.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4635", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4937.json b/2012/4xxx/CVE-2012-4937.json index 509a0db701a..5c5707ded37 100644 --- a/2012/4xxx/CVE-2012-4937.json +++ b/2012/4xxx/CVE-2012-4937.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsession_id cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#802596", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/802596" - }, - { - "name" : "56381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56381" - }, - { - "name" : "51203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51203" - }, - { - "name" : "pattern-insight-session-hijacking(79785)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsession_id cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#802596", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/802596" + }, + { + "name": "pattern-insight-session-hijacking(79785)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79785" + }, + { + "name": "56381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56381" + }, + { + "name": "51203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51203" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6274.json b/2012/6xxx/CVE-2012-6274.json index fa4c8810285..d9b7848e07b 100644 --- a/2012/6xxx/CVE-2012-6274.json +++ b/2012/6xxx/CVE-2012-6274.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\\DocData\\Public via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-6274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#990652", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/990652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\\DocData\\Public via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#990652", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/990652" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6388.json b/2012/6xxx/CVE-2012-6388.json index 69c098d8ce1..73ee9b02683 100644 --- a/2012/6xxx/CVE-2012-6388.json +++ b/2012/6xxx/CVE-2012-6388.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6388", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6388", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6403.json b/2012/6xxx/CVE-2012-6403.json index 892c0aa5be0..56c9b3a56a5 100644 --- a/2012/6xxx/CVE-2012-6403.json +++ b/2012/6xxx/CVE-2012-6403.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6403", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6403", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2386.json b/2017/2xxx/CVE-2017-2386.json index a6da5a51a63..05e50f5f9ce 100644 --- a/2017/2xxx/CVE-2017-2386.json +++ b/2017/2xxx/CVE-2017-2386.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "97130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97130" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "97130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97130" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2643.json b/2017/2xxx/CVE-2017-2643.json index 07707bf4a36..7135ae5cda4 100644 --- a/2017/2xxx/CVE-2017-2643.json +++ b/2017/2xxx/CVE-2017-2643.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-2643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moodle 3.2.x", - "version" : { - "version_data" : [ - { - "version_value" : "Moodle 3.2.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Moodle 3.2.x, global search displays user names for unauthenticated users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Global search displays user names for unauthenticated users" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moodle 3.2.x", + "version": { + "version_data": [ + { + "version_value": "Moodle 3.2.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=349420", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=349420" - }, - { - "name" : "96978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96978" - }, - { - "name" : "1038174", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Moodle 3.2.x, global search displays user names for unauthenticated users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Global search displays user names for unauthenticated users" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96978" + }, + { + "name": "1038174", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038174" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=349420", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=349420" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2891.json b/2017/2xxx/CVE-2017-2891.json index dac54267545..1037d471653 100644 --- a/2017/2xxx/CVE-2017-2891.json +++ b/2017/2xxx/CVE-2017-2891.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-2891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mongoose", - "version" : { - "version_data" : [ - { - "version_value" : "6.8" - } - ] - } - } - ] - }, - "vendor_name" : "Cesanta" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-2891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mongoose", + "version": { + "version_data": [ + { + "version_value": "6.8" + } + ] + } + } + ] + }, + "vendor_name": "Cesanta" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6129.json b/2017/6xxx/CVE-2017-6129.json index a896338d645..b8dc592eea9 100644 --- a/2017/6xxx/CVE-2017-6129.json +++ b/2017/6xxx/CVE-2017-6129.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-12-20T00:00:00", - "ID" : "CVE-2017-6129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP APM", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a \"flow not in use\" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-12-20T00:00:00", + "ID": "CVE-2017-6129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.1.2" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K20087443", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K20087443" - }, - { - "name" : "1040047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a \"flow not in use\" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K20087443", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K20087443" + }, + { + "name": "1040047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040047" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6140.json b/2017/6xxx/CVE-2017-6140.json index 16f6f244703..04fc4d86424 100644 --- a/2017/6xxx/CVE-2017-6140.json +++ b/2017/6xxx/CVE-2017-6140.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-12-20T00:00:00", - "ID" : "CVE-2017-6140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM", - "version" : { - "version_data" : [ - { - "version_value" : "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4" - }, - { - "version_value" : "11.6.0, 11.6.1" - }, - { - "version_value" : "12.0.0, 12.1.0, 12.1.1, 12.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-12-20T00:00:00", + "ID": "CVE-2017-6140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM", + "version": { + "version_data": [ + { + "version_value": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4" + }, + { + "version_value": "11.6.0, 11.6.1" + }, + { + "version_value": "12.0.0, 12.1.0, 12.1.1, 12.1.2" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K55102452", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K55102452" - }, - { - "name" : "1040042", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040042", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040042" + }, + { + "name": "https://support.f5.com/csp/article/K55102452", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K55102452" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6920.json b/2017/6xxx/CVE-2017-6920.json index d728f2551d4..e26e5ed6f77 100644 --- a/2017/6xxx/CVE-2017-6920.json +++ b/2017/6xxx/CVE-2017-6920.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@drupal.org", - "DATE_PUBLIC" : "2017-06-21T00:00:00", - "ID" : "CVE-2017-6920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Drupal Core", - "version" : { - "version_data" : [ - { - "version_value" : "8 prior to 8.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "Drupal.org" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@drupal.org", + "DATE_PUBLIC": "2017-06-21T00:00:00", + "ID": "CVE-2017-6920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drupal Core", + "version": { + "version_data": [ + { + "version_value": "8 prior to 8.3.4" + } + ] + } + } + ] + }, + "vendor_name": "Drupal.org" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" - }, - { - "name" : "99211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99211" - }, - { - "name" : "1038781", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple" + }, + { + "name": "99211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99211" + }, + { + "name": "1038781", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038781" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6983.json b/2017/6xxx/CVE-2017-6983.json index a815808f54c..e70f162b8a5 100644 --- a/2017/6xxx/CVE-2017-6983.json +++ b/2017/6xxx/CVE-2017-6983.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-6983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-6983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207797", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207797" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "1038484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038484" + }, + { + "name": "https://support.apple.com/HT207797", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207797" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7920.json b/2017/7xxx/CVE-2017-7920.json index 6181835effa..baa64ab1fb9 100644 --- a/2017/7xxx/CVE-2017-7920.json +++ b/2017/7xxx/CVE-2017-7920.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ABB VSN300 WiFi Logger Card", - "version" : { - "version_data" : [ - { - "version_value" : "ABB VSN300 WiFi Logger Card" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ABB VSN300 WiFi Logger Card", + "version": { + "version_data": [ + { + "version_value": "ABB VSN300 WiFi Logger Card" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch", - "refsource" : "MISC", - "url" : "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03" - }, - { - "name" : "99558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99558" + }, + { + "name": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10277.json b/2018/10xxx/CVE-2018-10277.json index f34f462fb0b..de4712af16b 100644 --- a/2018/10xxx/CVE-2018-10277.json +++ b/2018/10xxx/CVE-2018-10277.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10277", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10277", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14226.json b/2018/14xxx/CVE-2018-14226.json index 4a374f1d96b..1c9a2472ab7 100644 --- a/2018/14xxx/CVE-2018-14226.json +++ b/2018/14xxx/CVE-2018-14226.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14226", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14226", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14385.json b/2018/14xxx/CVE-2018-14385.json index a2af3ff3652..af33fbce1a3 100644 --- a/2018/14xxx/CVE-2018-14385.json +++ b/2018/14xxx/CVE-2018-14385.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14385", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14385", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14625.json b/2018/14xxx/CVE-2018-14625.json index a9b298b0edc..676739b10bd 100644 --- a/2018/14xxx/CVE-2018-14625.json +++ b/2018/14xxx/CVE-2018-14625.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-14625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039", - "refsource" : "MISC", - "url" : "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625" - }, - { - "name" : "USN-3871-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-1/" - }, - { - "name" : "USN-3872-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3872-1/" - }, - { - "name" : "USN-3871-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-3/" - }, - { - "name" : "USN-3871-4", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-4/" - }, - { - "name" : "USN-3878-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3878-1/" - }, - { - "name" : "USN-3871-5", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-5/" - }, - { - "name" : "USN-3878-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3878-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625" + }, + { + "name": "USN-3872-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3872-1/" + }, + { + "name": "USN-3878-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3878-1/" + }, + { + "name": "USN-3871-5", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-5/" + }, + { + "name": "USN-3878-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3878-2/" + }, + { + "name": "USN-3871-4", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-4/" + }, + { + "name": "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039", + "refsource": "MISC", + "url": "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039" + }, + { + "name": "USN-3871-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-1/" + }, + { + "name": "USN-3871-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-3/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14762.json b/2018/14xxx/CVE-2018-14762.json index 415b5b7e04b..0b9c020329b 100644 --- a/2018/14xxx/CVE-2018-14762.json +++ b/2018/14xxx/CVE-2018-14762.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14762", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14762", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15075.json b/2018/15xxx/CVE-2018-15075.json index 6ebfda4dc7a..424265be256 100644 --- a/2018/15xxx/CVE-2018-15075.json +++ b/2018/15xxx/CVE-2018-15075.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15075", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15075", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15527.json b/2018/15xxx/CVE-2018-15527.json index 9521cbd255f..c9d1970de12 100644 --- a/2018/15xxx/CVE-2018-15527.json +++ b/2018/15xxx/CVE-2018-15527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15723.json b/2018/15xxx/CVE-2018-15723.json index 4a8940d86f0..aa842c40463 100644 --- a/2018/15xxx/CVE-2018-15723.json +++ b/2018/15xxx/CVE-2018-15723.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-12-19T00:00:00", - "ID" : "CVE-2018-15723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Logitech Harmony Hub", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware before 4.15.206" - } - ] - } - } - ] - }, - "vendor_name" : "Logitech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-346 Origin Validation Error" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-12-19T00:00:00", + "ID": "CVE-2018-15723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Logitech Harmony Hub", + "version": { + "version_data": [ + { + "version_value": "Firmware before 4.15.206" + } + ] + } + } + ] + }, + "vendor_name": "Logitech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-47", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-47" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-346 Origin Validation Error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-47", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-47" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15733.json b/2018/15xxx/CVE-2018-15733.json index 6110923272e..7fb817f2849 100644 --- a/2018/15xxx/CVE-2018-15733.json +++ b/2018/15xxx/CVE-2018-15733.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15733", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15733", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15838.json b/2018/15xxx/CVE-2018-15838.json index c0c209b8f32..b52a8d4fb2e 100644 --- a/2018/15xxx/CVE-2018-15838.json +++ b/2018/15xxx/CVE-2018-15838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15838", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15838", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20727.json b/2018/20xxx/CVE-2018-20727.json index 6dc5b847317..de968be6be6 100644 --- a/2018/20xxx/CVE-2018-20727.json +++ b/2018/20xxx/CVE-2018-20727.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nedi.ch/end-of-year-update/", - "refsource" : "MISC", - "url" : "https://www.nedi.ch/end-of-year-update/" - }, - { - "name" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html", - "refsource" : "MISC", - "url" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.nedi.ch/end-of-year-update/", + "refsource": "MISC", + "url": "https://www.nedi.ch/end-of-year-update/" + }, + { + "name": "https://www.sakerhetskontoret.com/disclosures/nedi/report.html", + "refsource": "MISC", + "url": "https://www.sakerhetskontoret.com/disclosures/nedi/report.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9216.json b/2018/9xxx/CVE-2018-9216.json index 85b07e30161..b63148e2c12 100644 --- a/2018/9xxx/CVE-2018-9216.json +++ b/2018/9xxx/CVE-2018-9216.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9216", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9216", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9253.json b/2018/9xxx/CVE-2018-9253.json index ba59157a3ab..6460cca7214 100644 --- a/2018/9xxx/CVE-2018-9253.json +++ b/2018/9xxx/CVE-2018-9253.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file