diff --git a/2002/0xxx/CVE-2002-0019.json b/2002/0xxx/CVE-2002-0019.json index b2046baf02b..d8419c0dc62 100644 --- a/2002/0xxx/CVE-2002-0019.json +++ b/2002/0xxx/CVE-2002-0019.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0019", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0019", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0104.json b/2002/0xxx/CVE-2002-0104.json index 4b1ccbc74fd..b98bdbc04a9 100644 --- a/2002/0xxx/CVE-2002-0104.json +++ b/2002/0xxx/CVE-2002-0104.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020107 Aftpd core dump vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101041333323486&w=2" - }, - { - "name" : "3806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3806" - }, - { - "name" : "aftpd-crash-core-dump(7832)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7832.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aftpd-crash-core-dump(7832)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7832.php" + }, + { + "name": "20020107 Aftpd core dump vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101041333323486&w=2" + }, + { + "name": "3806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3806" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0963.json b/2002/0xxx/CVE-2002-0963.json index 64f4b027a0e..1294bcc25d4 100644 --- a/2002/0xxx/CVE-2002-0963.json +++ b/2002/0xxx/CVE-2002-0963.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020610 [ARL02-A13] Multiple Security Issues in GeekLog", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html" - }, - { - "name" : "http://geeklog.sourceforge.net/article.php?story=20020610013358149", - "refsource" : "CONFIRM", - "url" : "http://geeklog.sourceforge.net/article.php?story=20020610013358149" - }, - { - "name" : "4968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4968" - }, - { - "name" : "geeklog-sql-injection(9311)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9311.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020610 [ARL02-A13] Multiple Security Issues in GeekLog", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html" + }, + { + "name": "http://geeklog.sourceforge.net/article.php?story=20020610013358149", + "refsource": "CONFIRM", + "url": "http://geeklog.sourceforge.net/article.php?story=20020610013358149" + }, + { + "name": "geeklog-sql-injection(9311)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9311.php" + }, + { + "name": "4968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4968" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1735.json b/2002/1xxx/CVE-2002-1735.json index 07876008a03..427e6af7e5d 100644 --- a/2002/1xxx/CVE-2002-1735.json +++ b/2002/1xxx/CVE-2002-1735.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in dlogin 1.0a could allow local users to gain privileges via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4043", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4043" - }, - { - "name" : "1003493", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003493" - }, - { - "name" : "linux-dlogin-bo(8186)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in dlogin 1.0a could allow local users to gain privileges via unknown attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4043", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4043" + }, + { + "name": "1003493", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003493" + }, + { + "name": "linux-dlogin-bo(8186)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8186" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2420.json b/2002/2xxx/CVE-2002-2420.json index 4fac5d614c8..943245bbce1 100644 --- a/2002/2xxx/CVE-2002-2420.json +++ b/2002/2xxx/CVE-2002-2420.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5605" - }, - { - "name" : "1005190", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1005190", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005190" + }, + { + "name": "5605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5605" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2447.json b/2002/2xxx/CVE-2002-2447.json index 62fba95a7c6..39e564dca9e 100644 --- a/2002/2xxx/CVE-2002-2447.json +++ b/2002/2xxx/CVE-2002-2447.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2447", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2447", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0716.json b/2005/0xxx/CVE-2005-0716.json index bb64f3b5c41..df9bd454701 100644 --- a/2005/0xxx/CVE-2005-0716.json +++ b/2005/0xxx/CVE-2005-0716.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050321 Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=219&type=vulnerabilities" - }, - { - "name" : "APPLE-SA-2005-03-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" - }, - { - "name" : "13224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly 
earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-03-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" + }, + { + "name": "13224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13224" + }, + { + "name": "20050321 Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=219&type=vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1250.json b/2005/1xxx/CVE-2005-1250.json index 90b1e914280..20c94c98c78 100644 --- a/2005/1xxx/CVE-2005-1250.json +++ b/2005/1xxx/CVE-2005-1250.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050622 IpSwitch WhatsUp Professional 2005 (SP1) SQL Injection Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=268&type=vulnerabilities" - }, - { - "name" : "http://secunia.com/secunia_research/2005-13/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-13/advisory/" - }, - { - "name" : "http://www.corsaire.com/advisories/c050323-001.txt", - "refsource" : "MISC", - "url" : "http://www.corsaire.com/advisories/c050323-001.txt" - }, - { - "name" : "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20&MessageID=7699", - "refsource" : "CONFIRM", 
- "url" : "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20&MessageID=7699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2005-13/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-13/advisory/" + }, + { + "name": "20050622 IpSwitch WhatsUp Professional 2005 (SP1) SQL Injection Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=268&type=vulnerabilities" + }, + { + "name": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20&MessageID=7699", + "refsource": "CONFIRM", + "url": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20&MessageID=7699" + }, + { + "name": "http://www.corsaire.com/advisories/c050323-001.txt", + "refsource": "MISC", + "url": "http://www.corsaire.com/advisories/c050323-001.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1309.json b/2005/1xxx/CVE-2005-1309.json index 284abaa5d35..ad0f3a8efe1 100644 --- a/2005/1xxx/CVE-2005-1309.json +++ b/2005/1xxx/CVE-2005-1309.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683" - }, - { - "name" : "15754", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15754" - }, - { - "name" : "15755", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15755" - }, - { - "name" : "1013811", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows 
remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683" + }, + { + "name": "1013811", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013811" + }, + { + "name": "15754", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15754" + }, + { + "name": "15755", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15755" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1351.json b/2005/1xxx/CVE-2005-1351.json index cc674489945..7062883469a 100644 --- a/2005/1xxx/CVE-2005-1351.json +++ b/2005/1xxx/CVE-2005-1351.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050424 remote command execution in ad.cgi script", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111446285915444&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050424 remote command execution in ad.cgi script", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111446285915444&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/1xxx/CVE-2005-1455.json b/2005/1xxx/CVE-2005-1455.json index d0d370ee2ed..281110d8e4b 100644 --- a/2005/1xxx/CVE-2005-1455.json +++ b/2005/1xxx/CVE-2005-1455.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200505-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml" - }, - { - "name" : "RHSA-2005:524", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-524.html" - }, - { - "name" : "SUSE-SR:2005:014", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_14_sr.html" - }, - { - "name" : "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability", - "refsource" : "FULLDISC", - "url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html" - }, - { - "name" : "http://www.freeradius.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.freeradius.org/security.html" 
- }, - { - "name" : "13541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13541" - }, - { - "name" : "oval:org.mitre.oval:def:9579", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579" - }, - { - "name" : "1013909", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/May/1013909.html" - }, - { - "name" : "freeradius-sqlescapefunc-bo(20450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2005:014", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html" + }, + { + "name": "oval:org.mitre.oval:def:9579", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579" + }, + { + "name": "1013909", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/May/1013909.html" + }, + { + "name": "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability", + "refsource": "FULLDISC", + "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html" + }, + { + "name": "http://www.freeradius.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.freeradius.org/security.html" + }, + { + "name": "GLSA-200505-13", + "refsource": "GENTOO", + "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml" + }, + { + "name": "RHSA-2005:524", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-524.html" + }, + { + "name": "13541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13541" + }, + { + "name": "freeradius-sqlescapefunc-bo(20450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1596.json b/2005/1xxx/CVE-2005-1596.json index 2a4694ae9da..dc37efd62e5 100644 --- a/2005/1xxx/CVE-2005-1596.json +++ b/2005/1xxx/CVE-2005-1596.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/exploits/5OP042KFPU.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/5OP042KFPU.html" - }, - { - "name" : "http://www.exploits.co.in/Article1134.html", - "refsource" : "MISC", - "url" : "http://www.exploits.co.in/Article1134.html" - }, - { - "name" : "ADV-2005-0508", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0508" - }, - { - "name" : "16216", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16216" - }, - { - "name" : "16217", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16217" - }, - { - "name" : "15257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15257" - 
}, - { - "name" : "fusion-islogged-authentication-bypass(20531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.exploits.co.in/Article1134.html", + "refsource": "MISC", + "url": "http://www.exploits.co.in/Article1134.html" + }, + { + "name": "16216", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16216" + }, + { + "name": "ADV-2005-0508", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0508" + }, + { + "name": "15257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15257" + }, + { + "name": "http://www.securiteam.com/exploits/5OP042KFPU.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/5OP042KFPU.html" + }, + { + "name": "16217", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16217" + }, + { + "name": "fusion-islogged-authentication-bypass(20531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20531" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1741.json b/2005/1xxx/CVE-2005-1741.json index 3fef78f693c..52b4a467656 100644 --- a/2005/1xxx/CVE-2005-1741.json +++ b/2005/1xxx/CVE-2005-1741.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050524 Endless loop in Halo 1.06", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/398833" - }, - { - "name" : "http://aluigi.altervista.org/adv/haloloop-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/haloloop-adv.txt" - }, - { - "name" : "13728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13728" - }, - { - "name" : "ADV-2005-0616", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0616" - }, - { - "name" : "1014067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014067" - }, - { - "name" : "15501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13728" + }, + { + "name": "1014067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014067" + }, + { + "name": "ADV-2005-0616", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0616" + }, + { + "name": "15501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15501" + }, + { + "name": "20050524 Endless loop in Halo 1.06", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/398833" + }, + { + "name": "http://aluigi.altervista.org/adv/haloloop-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/haloloop-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1792.json b/2005/1xxx/CVE-2005-1792.json index d42172db17a..1cf9d1912be 100644 --- a/2005/1xxx/CVE-2005-1792.json +++ b/2005/1xxx/CVE-2005-1792.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.networksecurity.fi/advisories/windows-wmi-rpc.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/windows-wmi-rpc.html" - }, - { - "name" : "890196", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/890196" - }, - { - "name" : "13801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13801" - }, - { - "name" : "13020", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Windows Management Instrumentation (WMI) service 
allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.networksecurity.fi/advisories/windows-wmi-rpc.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/windows-wmi-rpc.html" + }, + { + "name": "13801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13801" + }, + { + "name": "13020", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13020" + }, + { + "name": "890196", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/890196" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0501.json b/2009/0xxx/CVE-2009-0501.json index 76be5d576f0..5c596a43e3d 100644 --- a/2009/0xxx/CVE-2009-0501.json +++ b/2009/0xxx/CVE-2009-0501.json 
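Review bot: The new side of this file ends with `\ No newline at end of file`, so the re-serialised JSON loses the terminating newline that the old side had. Tools that concatenate or append to these records, and any later commit that restores the newline, will show a spurious change on the last line. The serialiser should write a final `\n` after the closing `}`. Every complete file section visible on this page carries the same marker, including the CVE-2005-1596 and CVE-2005-1741 hunks above this one.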
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct \"brute force attacks on user accounts\" via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090204 CVS request - Moodle", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/04/1" - }, - { - "name" : "http://moodle.org/security/", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/security/" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct \"brute force attacks on user accounts\" via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "http://moodle.org/security/", + "refsource": "CONFIRM", + "url": "http://moodle.org/security/" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "[oss-security] 20090204 CVS request - Moodle", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/04/1" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0674.json b/2009/0xxx/CVE-2009-0674.json index 259fc8460d5..5f37cda3e64 100644 --- a/2009/0xxx/CVE-2009-0674.json +++ b/2009/0xxx/CVE-2009-0674.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500988/100/0/threaded" - }, - { - "name" : "8068", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8068" - }, - { - "name" : "http://www.waraxe.us/advisory-72.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-72.html" - }, - { - "name" : "http://ravenphpscripts.com/postt17156.html", - "refsource" : "CONFIRM", - "url" : "http://ravenphpscripts.com/postt17156.html" - }, - { - 
"name" : "33787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33787" - }, - { - "name" : "ravennuke-captcha-info-disclosure(48792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48792" - }, - { - "name" : "ravennuke-captcha-afonts-info-disclosure(48983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33787" + }, + { + "name": "ravennuke-captcha-info-disclosure(48792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48792" + }, + { + "name": "http://ravenphpscripts.com/postt17156.html", + "refsource": "CONFIRM", + "url": "http://ravenphpscripts.com/postt17156.html" + }, + { + "name": "ravennuke-captcha-afonts-info-disclosure(48983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48983" + }, + { + "name": "20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500988/100/0/threaded" + }, + { + "name": "8068", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8068" + }, + { + "name": 
"http://www.waraxe.us/advisory-72.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-72.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0985.json b/2009/0xxx/CVE-2009-0985.json index 73766016c75..0447ee41dbb 100644 --- a/2009/0xxx/CVE-2009-0985.json +++ b/2009/0xxx/CVE-2009-0985.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "1022052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022052" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + }, + { + "name": "1022052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022052" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1598.json b/2009/1xxx/CVE-2009-1598.json index e5b2bd50ab2..e9ef13a989e 100644 --- a/2009/1xxx/CVE-2009-1598.json +++ b/2009/1xxx/CVE-2009-1598.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is \"a PDF file is active content.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503183/100/0/threaded" - }, - { - "name" : "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf", - "refsource" : "MISC", - "url" : "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is \"a PDF file is active content.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf", + "refsource": "MISC", + "url": "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf" + }, + { + "name": "20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503183/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1602.json b/2009/1xxx/CVE-2009-1602.json index ef4229831b1..7dc782f1007 100644 --- a/2009/1xxx/CVE-2009-1602.json +++ b/2009/1xxx/CVE-2009-1602.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8606", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8606" - }, - { - "name" : "34814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34814" - }, - { - "name" : "54215", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54215" - }, - { - "name" : "34992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34992" - }, - { - "name" : "quickneasymailserver-helo-dos(50299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pablo 
Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54215", + "refsource": "OSVDB", + "url": "http://osvdb.org/54215" + }, + { + "name": "8606", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8606" + }, + { + "name": "34814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34814" + }, + { + "name": "quickneasymailserver-helo-dos(50299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50299" + }, + { + "name": "34992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34992" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1724.json b/2009/1xxx/CVE-2009-1724.json index 6728cc9c424..e9ffef5a18a 100644 --- a/2009/1xxx/CVE-2009-1724.json +++ b/2009/1xxx/CVE-2009-1724.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3666", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3666" - }, - { - "name" : "http://support.apple.com/kb/HT3860", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3860" - }, - { - "name" : "APPLE-SA-2009-07-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2009-09-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "35441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35441" - }, - { - "name" : "55738", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55738" - }, - { - "name" : "oval:org.mitre.oval:def:6208", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6208" - }, - { - "name" : "1022525", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022525" - }, - { - "name" : "35758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35758" - }, - { - "name" : "36677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36677" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2009-1827", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1827" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://support.apple.com/kb/HT3666", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3666" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2009-07-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html" + }, + { + "name": "35441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35441" + }, + { + "name": "ADV-2009-1827", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1827" + }, + { + "name": "55738", + "refsource": "OSVDB", + "url": "http://osvdb.org/55738" + }, + { + "name": "oval:org.mitre.oval:def:6208", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6208" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "1022525", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022525" + }, + { + "name": "APPLE-SA-2009-09-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html" + }, + { + "name": "36677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36677" + }, + { + "name": "http://support.apple.com/kb/HT3860", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3860" + }, + { + "name": "35758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35758" + } + ] + } +} \ No newline at end of file 
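Review bot: `product_name`, `version_value` and `vendor_name` are still `n/a` on the new side, although the description names WebKit in Apple Safari before 4.0.2 and iPhone OS before 3.1. Anything that matches an inventory against the structured `affects` block will therefore not find this record. If populating `vendor_data` from the description is out of scope for this re-serialisation, consumers should be told to fall back to the `description` text for product and version matching. The same placeholder values appear in every public record in this diff.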
diff --git a/2009/1xxx/CVE-2009-1888.json b/2009/1xxx/CVE-2009-1888.json index 0024ee3d597..ddfa5ac9b3c 100644 --- a/2009/1xxx/CVE-2009-1888.json +++ b/2009/1xxx/CVE-2009-1888.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507856/100/0/threaded" - }, - { - "name" : "http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch" - }, - { - "name" : "http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch" 
- }, - { - "name" : "http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2009-1888.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2009-1888.html" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0145", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0145" - }, - { - "name" : "DSA-1823", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1823" - }, - { - "name" : "MDVSA-2009:196", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:196" - }, - { - "name" : "SSA:2009-177-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591" - }, - { - "name" : "USN-839-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-839-1" - }, - { - "name" : "35472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35472" - }, - { - "name" : "oval:org.mitre.oval:def:10790", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790" - }, - { - "name" : "oval:org.mitre.oval:def:7292", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292" - }, - { - "name" : "1022442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022442" - }, - { - "name" : "35539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35539" - }, - { - "name" : "35573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35573" - }, - { - "name" : "35606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35606" - }, - { - 
"name" : "36918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36918" - }, - { - "name" : "ADV-2009-1664", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1664" - }, - { - "name" : "samba-acl-security-bypass(51327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1664", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1664" + }, + { + "name": "DSA-1823", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1823" + }, + { + "name": "http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2009-1888.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2009-1888.html" + }, + { + "name": "20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded" + }, + { + "name": "samba-acl-security-bypass(51327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51327" + }, + { + "name": "35573", 
+ "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35573" + }, + { + "name": "http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch" + }, + { + "name": "35606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35606" + }, + { + "name": "SSA:2009-177-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591" + }, + { + "name": "35472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35472" + }, + { + "name": "oval:org.mitre.oval:def:7292", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292" + }, + { + "name": "http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch" + }, + { + "name": "USN-839-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-839-1" + }, + { + "name": "oval:org.mitre.oval:def:10790", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790" + }, + { + "name": "35539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35539" + }, + { + "name": "36918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36918" + }, + { + "name": "MDVSA-2009:196", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:196" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0145", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145" + }, + { + "name": "1022442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022442" + } + ] + } +} \ No newline at end of 
file diff --git a/2009/1xxx/CVE-2009-1992.json b/2009/1xxx/CVE-2009-1992.json index 0cca585ae2a..f055e60c4d4 100644 --- a/2009/1xxx/CVE-2009-1992.json +++ b/2009/1xxx/CVE-2009-1992.json 
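Review bot: The one semantic change in the CVE-2009-1888 hunk, `"ASSIGNER"` going from `cve@mitre.org` to `secalert@redhat.com`, is buried in a whole-file re-indentation and a reshuffle of `reference_data`, so it is hard to confirm that no reference URL was altered along the way. The 20 reference entries appear to be the same set in a different order; the old order looks grouped by `refsource` and the new one does not. Emitting references in a stable sorted order, and landing the formatting change separately from the assigner change, would keep provenance edits auditable for consumers that filter on `ASSIGNER`. The new file also ends with `\ No newline at end of file`; a trailing newline would keep later diffs clean. The same pattern recurs in the CVE-2009-1992, CVE-2012-0330, CVE-2012-2146, CVE-2012-2578 and CVE-2012-3119 hunks below, while CVE-2012-3291 keeps `cve@mitre.org` and is reformatted and reordered only.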
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36742" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + }, + { + "name": "36742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36742" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0330.json b/2012/0xxx/CVE-2012-0330.json index c474bffcdd4..5acdc3462d5 100644 --- a/2012/0xxx/CVE-2012-0330.json +++ b/2012/0xxx/CVE-2012-0330.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-0330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120229 Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120229 Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2146.json b/2012/2xxx/CVE-2012-2146.json index ab0537524d5..e3e36d686be 100644 --- a/2012/2xxx/CVE-2012-2146.json +++ b/2012/2xxx/CVE-2012-2146.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120427 weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/27/8" - }, - { - "name" : "[oss-security] 20120428 Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/28/2" - }, - { - "name" : "[oss-security] 20120429 Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/29/1" - }, - 
{ - "name" : "http://elixir.ematia.de/trac/ticket/119", - "refsource" : "MISC", - "url" : "http://elixir.ematia.de/trac/ticket/119" - }, - { - "name" : "http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=810013", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=810013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1", + "refsource": "MISC", + "url": "http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1" + }, + { + "name": "[oss-security] 20120428 Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/28/2" + }, + { + "name": "[oss-security] 20120427 weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/27/8" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=810013", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810013" + }, + { + "name": "http://elixir.ematia.de/trac/ticket/119", + 
"refsource": "MISC", + "url": "http://elixir.ematia.de/trac/ticket/119" + }, + { + "name": "[oss-security] 20120429 Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/29/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2578.json b/2012/2xxx/CVE-2012-2578.json index cf769a5cd84..54f3e65ba5d 100644 --- a/2012/2xxx/CVE-2012-2578.json +++ b/2012/2xxx/CVE-2012-2578.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20362", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20362/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the 
fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20362", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20362/" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3119.json b/2012/3xxx/CVE-2012-3119.json index 055c0eae85c..400fe5d7056 100644 --- a/2012/3xxx/CVE-2012-3119.json +++ b/2012/3xxx/CVE-2012-3119.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54523" - }, - { - "name" : "83967", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83967" - }, - { - "name" : "1027265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027265" - }, - { - "name" : "49950", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/49950" - }, - { - "name" : "peoplesoftenterprise-hrmscandgate-info-disc(77028)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "83967", + "refsource": "OSVDB", + "url": "http://osvdb.org/83967" + }, + { + "name": "49950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49950" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "peoplesoftenterprise-hrmscandgate-info-disc(77028)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77028" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "1027265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027265" + }, + { + "name": "54523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54523" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3291.json b/2012/3xxx/CVE-2012-3291.json index d068607d2bd..44a08978bd5 100644 --- a/2012/3xxx/CVE-2012-3291.json +++ b/2012/3xxx/CVE-2012-3291.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/14cae65318d3ef1f7d449e463b72b6934e82f1c2", - "refsource" : "CONFIRM", - "url" : "http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/14cae65318d3ef1f7d449e463b72b6934e82f1c2" - }, - { - "name" : "http://www.infradead.org/openconnect/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://www.infradead.org/openconnect/changelog.html" - }, - { - "name" : "DSA-2495", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2495" - }, - { - "name" : "FEDORA-2012-6758", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079747.html" - }, - { - "name" : "openSUSE-SU-2013:1072", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2013-06/msg00186.html" - }, - { - "name" : "oval:org.mitre.oval:def:17242", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.infradead.org/openconnect/changelog.html", + "refsource": "CONFIRM", + "url": "http://www.infradead.org/openconnect/changelog.html" + }, + { + "name": "DSA-2495", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2495" + }, + { + "name": "FEDORA-2012-6758", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079747.html" + }, + { + "name": "oval:org.mitre.oval:def:17242", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17242" + }, + { + "name": "openSUSE-SU-2013:1072", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00186.html" + }, + { + "name": "http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/14cae65318d3ef1f7d449e463b72b6934e82f1c2", + "refsource": "CONFIRM", + "url": "http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/14cae65318d3ef1f7d449e463b72b6934e82f1c2" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3411.json b/2012/3xxx/CVE-2012-3411.json index 5a5cbf0c63b..c655177b51c 100644 --- a/2012/3xxx/CVE-2012-3411.json +++ b/2012/3xxx/CVE-2012-3411.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120712 Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/12/5" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=833033", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=833033" - }, - { - "name" : 
"http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2f38141f434e23292f84cefc33e8de76fb856147", - "refsource" : "CONFIRM", - "url" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2f38141f434e23292f84cefc33e8de76fb856147" - }, - { - "name" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=54dd393f3938fc0c19088fbd319b95e37d81a2b0", - "refsource" : "CONFIRM", - "url" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=54dd393f3938fc0c19088fbd319b95e37d81a2b0" - }, - { - "name" : "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG" - }, - { - "name" : "MDVSA-2013:072", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:072" - }, - { - "name" : "RHSA-2013:0276", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0276.html" - }, - { - "name" : "RHSA-2013:0277", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0277.html" - }, - { - "name" : "RHSA-2013:0579", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0579.html" - }, - { - "name" : "54353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2013:072", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:072" + }, + { + "name": "RHSA-2013:0276", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0276.html" + }, + { + "name": "[oss-security] 20120712 Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/12/5" + }, + { + "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2f38141f434e23292f84cefc33e8de76fb856147", + "refsource": "CONFIRM", + "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2f38141f434e23292f84cefc33e8de76fb856147" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=833033", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=833033" + }, + { + "name": "RHSA-2013:0579", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0579.html" + }, + { + "name": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG" + }, + { + "name": "54353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54353" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372" + }, + { + "name": "RHSA-2013:0277", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0277.html" + }, + { + "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=54dd393f3938fc0c19088fbd319b95e37d81a2b0", + "refsource": "CONFIRM", + "url": 
"http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=54dd393f3938fc0c19088fbd319b95e37d81a2b0" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3686.json b/2012/3xxx/CVE-2012-3686.json index 7ac18c0535d..6bb0050a094 100644 --- a/2012/3xxx/CVE-2012-3686.json +++ b/2012/3xxx/CVE-2012-3686.json 
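Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in the CVE-2012-3411 hunk, and this one change of meaning is easy to miss among the whitespace and reference-order changes around it. Tooling that attributes or routes records by assigning CNA will presumably read this as a change of ownership. Unless the commit description already covers it, it deserves its own commit or a line such as `CVE-2012-3411: ASSIGNER set to secalert@redhat.com`. The hunks for CVE-2012-3686 and CVE-2012-3707 (`product-security@apple.com`) and CVE-2012-4786 (`secure@microsoft.com`) change `ASSIGNER` in the same way.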
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3707.json b/2012/3xxx/CVE-2012-3707.json index e648a5155b9..f2c904c0806 100644 --- a/2012/3xxx/CVE-2012-3707.json +++ b/2012/3xxx/CVE-2012-3707.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85390", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85390" - }, - { - "name" : "oval:org.mitre.oval:def:17064", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17064" - }, - { - "name" : "apple-itunes-webkit-cve20123707(78520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "apple-itunes-webkit-cve20123707(78520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78520" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:17064", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17064" + }, + { + "name": "85390", + "refsource": "OSVDB", + "url": "http://osvdb.org/85390" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4784.json b/2012/4xxx/CVE-2012-4784.json index c7a31d2d51f..9b2bd6892d0 100644 --- a/2012/4xxx/CVE-2012-4784.json +++ b/2012/4xxx/CVE-2012-4784.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4784", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4784", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4786.json b/2012/4xxx/CVE-2012-4786.json index cfb1b9bf7e7..31900c214bc 100644 --- a/2012/4xxx/CVE-2012-4786.json +++ b/2012/4xxx/CVE-2012-4786.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka \"TrueType Font Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-4786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-078", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-078" - }, - { - "name" : "TA12-346A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15845", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka \"TrueType Font Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-346A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" + }, + { + "name": "oval:org.mitre.oval:def:15845", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15845" + }, + { + "name": "MS12-078", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-078" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4965.json b/2012/4xxx/CVE-2012-4965.json index 1cc32386825..f08c7b72190 100644 --- a/2012/4xxx/CVE-2012-4965.json +++ b/2012/4xxx/CVE-2012-4965.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4965", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6569. Reason: This candidate is a reservation duplicate of CVE-2012-6569. Notes: All CVE users should reference CVE-2012-6569 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4965", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6569. Reason: This candidate is a reservation duplicate of CVE-2012-6569. Notes: All CVE users should reference CVE-2012-6569 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6003.json b/2012/6xxx/CVE-2012-6003.json index 9fe99027ecc..83db7b6d60f 100644 --- a/2012/6xxx/CVE-2012-6003.json +++ b/2012/6xxx/CVE-2012-6003.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6003", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6003", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6226.json b/2012/6xxx/CVE-2012-6226.json index 6f0a783a9df..d0e37884387 100644 --- a/2012/6xxx/CVE-2012-6226.json +++ b/2012/6xxx/CVE-2012-6226.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6226", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6226", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6336.json b/2012/6xxx/CVE-2012-6336.json index 4d07a1ac8d6..527488706d1 100644 --- a/2012/6xxx/CVE-2012-6336.json +++ b/2012/6xxx/CVE-2012-6336.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a \"commonly available simple GPS location spoofer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html", - "refsource" : "MISC", - "url" : "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a \"commonly available simple GPS location spoofer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": 
"http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html", + "refsource": "MISC", + "url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6543.json b/2012/6xxx/CVE-2012-6543.json index 1911bd2bb8c..b2ccd89907f 100644 --- a/2012/6xxx/CVE-2012-6543.json +++ b/2012/6xxx/CVE-2012-6543.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=04d4fbca1017c11381e7d82acea21dd741e748bc", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=04d4fbca1017c11381e7d82acea21dd741e748bc" - }, - { - "name" : "https://github.com/torvalds/linux/commit/04d4fbca1017c11381e7d82acea21dd741e748bc", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/torvalds/linux/commit/04d4fbca1017c11381e7d82acea21dd741e748bc" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/04d4fbca1017c11381e7d82acea21dd741e748bc", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/04d4fbca1017c11381e7d82acea21dd741e748bc" + }, + { + "name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/05/13" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=04d4fbca1017c11381e7d82acea21dd741e748bc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=04d4fbca1017c11381e7d82acea21dd741e748bc" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2197.json b/2017/2xxx/CVE-2017-2197.json index a53e2764688..50f9d59927d 100644 --- a/2017/2xxx/CVE-2017-2197.json +++ b/2017/2xxx/CVE-2017-2197.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2197", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2197", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2353.json b/2017/2xxx/CVE-2017-2353.json index eade7b84dfe..3661cd25b3e 100644 --- a/2017/2xxx/CVE-2017-2353.json +++ b/2017/2xxx/CVE-2017-2353.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41164", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41164/" - }, - { - "name" : "https://support.apple.com/HT207483", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207483" - }, - { - "name" : "95723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95723" - }, - { - "name" : "1037671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was 
discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41164", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41164/" + }, + { + "name": "https://support.apple.com/HT207483", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207483" + }, + { + "name": "1037671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037671" + }, + { + "name": "95723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95723" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2831.json b/2017/2xxx/CVE-2017-2831.json index e24e57c847f..ed240542d8b 100644 --- a/2017/2xxx/CVE-2017-2831.json +++ b/2017/2xxx/CVE-2017-2831.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Indoor IP Camera C1 Series", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Indoor IP Camera C1 Series", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332" - }, - { - "name" : "99190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow 
vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0332" + }, + { + "name": "99190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99190" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6225.json b/2017/6xxx/CVE-2017-6225.json index 32336198d98..f58931ed035 100644 --- a/2017/6xxx/CVE-2017-6225.json +++ b/2017/6xxx/CVE-2017-6225.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "DATE_PUBLIC" : "2018-01-31T00:00:00", - "ID" : "CVE-2017-6225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Brocade FABRIC OS", - "version" : { - "version_data" : [ - { - "version_value" : "all versions before 7.4.2b, v8.1.2 and 8.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Brocade Communications Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "DATE_PUBLIC": "2018-01-31T00:00:00", + "ID": "CVE-2017-6225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brocade FABRIC OS", + "version": { + "version_data": [ + { + "version_value": "all versions before 7.4.2b, v8.1.2 and 8.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Brocade Communications Systems, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525", - "refsource" : "CONFIRM", - "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03851en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03851en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525", + "refsource": "CONFIRM", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-525" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03851en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03851en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6615.json b/2017/6xxx/CVE-2017-6615.json index 948ce2ddc85..6db5222e028 100644 --- a/2017/6xxx/CVE-2017-6615.json 
+++ b/2017/6xxx/CVE-2017-6615.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp" - }, - { - "name" : "97930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97930" - }, - { - "name" : "1038328", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. 
Cisco Bug IDs: CSCvb94392." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038328", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038328" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp" + }, + { + "name": "97930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97930" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6636.json b/2017/6xxx/CVE-2017-6636.json index f5a45e4eff4..7035ee872db 100644 --- a/2017/6xxx/CVE-2017-6636.json +++ b/2017/6xxx/CVE-2017-6636.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Provisioning" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Provisioning" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4" - }, - { - "name" : "98526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98526" - }, - { - "name" : "1038515", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98526" + }, + { + "name": "1038515", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038515" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6999.json b/2017/6xxx/CVE-2017-6999.json index abcb855d5e2..3ab4a9943ba 100644 --- a/2017/6xxx/CVE-2017-6999.json +++ b/2017/6xxx/CVE-2017-6999.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-6999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"AVEVideoEncoder\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-6999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42555", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42555/" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207800", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207800" - }, - { - "name" : "https://support.apple.com/HT207801", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207801" - }, - { - "name" : "98571", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/98571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"AVEVideoEncoder\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207800", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207800" + }, + { + "name": "42555", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42555/" + }, + { + "name": "98571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98571" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + }, + { + "name": "https://support.apple.com/HT207801", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207801" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11050.json b/2018/11xxx/CVE-2018-11050.json index 3409d1feb49..07cef3fde71 100644 --- a/2018/11xxx/CVE-2018-11050.json +++ b/2018/11xxx/CVE-2018-11050.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-07-25T04:00:00.000Z", - "ID" : "CVE-2018-11050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Networker", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "9.0" - }, - { - "affected" : "<=", - "version_name" : "9.1.1.X", - "version_value" : "9.1.1.8" - }, - { - "affected" : "<=", - "version_name" : "9.2.1.X", - "version_value" : "9.2.1.3" - }, - { - "affected" : "=", - "version_value" : "18.1.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Clear-Text authentication over network vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-07-25T04:00:00.000Z", + "ID": "CVE-2018-11050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Networker", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "9.0" + }, + { + "affected": "<=", + "version_name": "9.1.1.X", + "version_value": "9.1.1.8" + }, + { + "affected": "<=", + "version_name": "9.2.1.X", + "version_value": "9.2.1.3" + }, + { + "affected": "=", + "version_value": "18.1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180725 DSA-2018-120: Dell EMC NetWorker Clear-Text authentication over network vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/92" - }, - { - "name" : "104963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104963" - }, - { - "name" : "1041393", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041393" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. 
An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Clear-Text authentication over network vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104963" + }, + { + "name": "1041393", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041393" + }, + { + "name": "20180725 DSA-2018-120: Dell EMC NetWorker Clear-Text authentication over network vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/92" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11384.json b/2018/11xxx/CVE-2018-11384.json index f4c781a7d4b..7dd09241429 100644 --- a/2018/11xxx/CVE-2018-11384.json +++ b/2018/11xxx/CVE-2018-11384.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add" - }, - { - "name" : "https://github.com/radare/radare2/issues/9903", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/issues/9903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add" + }, + { + "name": "https://github.com/radare/radare2/issues/9903", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/issues/9903" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14012.json b/2018/14xxx/CVE-2018-14012.json index be1bb399ae6..bb16a3c4a36 100644 --- a/2018/14xxx/CVE-2018-14012.json +++ b/2018/14xxx/CVE-2018-14012.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44997", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44997/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44997", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44997/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14061.json b/2018/14xxx/CVE-2018-14061.json index 5dadbe8555d..151bfd813b9 100644 --- a/2018/14xxx/CVE-2018-14061.json 
+++ b/2018/14xxx/CVE-2018-14061.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14061", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14061", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14115.json b/2018/14xxx/CVE-2018-14115.json index 405f44c926b..5a8ff35ea4d 100644 --- a/2018/14xxx/CVE-2018-14115.json +++ b/2018/14xxx/CVE-2018-14115.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14115", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14115", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14432.json b/2018/14xxx/CVE-2018-14432.json index 197b90207bd..e2763cd00a9 100644 --- a/2018/14xxx/CVE-2018-14432.json +++ b/2018/14xxx/CVE-2018-14432.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated \"GET /v3/OS-FEDERATION/projects\" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180725 [OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/07/25/2" - }, - { - "name" : "DSA-4275", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4275" - }, - { - "name" : "RHSA-2018:2523", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2523" - }, - { - "name" : "RHSA-2018:2533", - 
"refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2533" - }, - { - "name" : "RHSA-2018:2543", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2543" - }, - { - "name" : "104930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated \"GET /v3/OS-FEDERATION/projects\" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2543", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2543" + }, + { + "name": "RHSA-2018:2533", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2533" + }, + { + "name": "[oss-security] 20180725 [OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/07/25/2" + }, + { + "name": "RHSA-2018:2523", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2523" + }, + { + "name": "104930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104930" + }, + { + "name": "DSA-4275", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4275" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/15xxx/CVE-2018-15481.json b/2018/15xxx/CVE-2018-15481.json
index db0213e0bc6..0630478fafd 100644
--- a/2018/15xxx/CVE-2018-15481.json
+++ b/2018/15xxx/CVE-2018-15481.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securite.intrinsec.com/2018/08/20/cve-2018-15481-ucopia-wireless-appliance-restricted-shell-escape-5-1-13/", - "refsource" : "MISC", - "url" : "https://securite.intrinsec.com/2018/08/20/cve-2018-15481-ucopia-wireless-appliance-restricted-shell-escape-5-1-13/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows 
authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securite.intrinsec.com/2018/08/20/cve-2018-15481-ucopia-wireless-appliance-restricted-shell-escape-5-1-13/", + "refsource": "MISC", + "url": "https://securite.intrinsec.com/2018/08/20/cve-2018-15481-ucopia-wireless-appliance-restricted-shell-escape-5-1-13/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15581.json b/2018/15xxx/CVE-2018-15581.json index 108026c240f..66a9720d724 100644 --- a/2018/15xxx/CVE-2018-15581.json +++ b/2018/15xxx/CVE-2018-15581.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15581", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15581", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/20xxx/CVE-2018-20069.json b/2018/20xxx/CVE-2018-20069.json
index 2d5480b8106..4d25aebf634 100644
--- a/2018/20xxx/CVE-2018-20069.json
+++ b/2018/20xxx/CVE-2018-20069.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-20069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-20069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/890558", - "refsource" : "MISC", - "url" : "https://crbug.com/890558" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Failure to prevent navigation to top frame to data URLs in Navigation in 
Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/890558", + "refsource": "MISC", + "url": "https://crbug.com/890558" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file
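Review bot: A provenance change is buried in a formatting-only hunk: near the top of the new side, `ASSIGNER` becomes `security@google.com` where the old side had `chrome-cve-admin@google.com`, while every other line differs only in key spacing and indentation. ASSIGNER identifies the party that assigned the ID, so anything that attributes or filters records by assigner will see this entry move, and a reviewer skimming whitespace churn is likely to miss it. If the reassignment is deliberate, it is easier to audit in a commit of its own; if it is not, the line should stay `"ASSIGNER": "chrome-cve-admin@google.com",`. The new side also ends with `\ No newline at end of file`, so restoring the trailing newline would keep the record consistent with the old side.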