From 9756a41850a8f79f2f4db574be2b4f7ed345ffa0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:41:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0121.json | 140 +++++++++--------- 2002/0xxx/CVE-2002-0282.json | 170 +++++++++++----------- 2002/0xxx/CVE-2002-0309.json | 160 ++++++++++----------- 2002/0xxx/CVE-2002-0347.json | 140 +++++++++--------- 2002/0xxx/CVE-2002-0586.json | 150 ++++++++++---------- 2002/1xxx/CVE-2002-1391.json | 180 ++++++++++++------------ 2002/1xxx/CVE-2002-1620.json | 160 ++++++++++----------- 2002/2xxx/CVE-2002-2120.json | 170 +++++++++++----------- 2002/2xxx/CVE-2002-2175.json | 150 ++++++++++---------- 2005/0xxx/CVE-2005-0281.json | 150 ++++++++++---------- 2005/1xxx/CVE-2005-1197.json | 150 ++++++++++---------- 2005/1xxx/CVE-2005-1259.json | 34 ++--- 2005/1xxx/CVE-2005-1362.json | 120 ++++++++-------- 2005/1xxx/CVE-2005-1570.json | 120 ++++++++-------- 2005/1xxx/CVE-2005-1592.json | 130 ++++++++--------- 2005/1xxx/CVE-2005-1847.json | 130 ++++++++--------- 2009/0xxx/CVE-2009-0004.json | 180 ++++++++++++------------ 2009/0xxx/CVE-2009-0833.json | 150 ++++++++++---------- 2009/0xxx/CVE-2009-0884.json | 180 ++++++++++++------------ 2009/0xxx/CVE-2009-0930.json | 210 +++++++++++++-------------- 2009/1xxx/CVE-2009-1284.json | 190 ++++++++++++------------- 2009/1xxx/CVE-2009-1950.json | 130 ++++++++--------- 2012/0xxx/CVE-2012-0389.json | 210 +++++++++++++-------------- 2012/2xxx/CVE-2012-2099.json | 200 +++++++++++++------------- 2012/2xxx/CVE-2012-2417.json | 250 ++++++++++++++++----------------- 2012/2xxx/CVE-2012-2444.json | 34 ++--- 2012/2xxx/CVE-2012-2450.json | 180 ++++++++++++------------ 2012/3xxx/CVE-2012-3321.json | 140 +++++++++--------- 2012/3xxx/CVE-2012-3390.json | 160 ++++++++++----------- 2012/3xxx/CVE-2012-3420.json | 250 ++++++++++++++++----------------- 2012/3xxx/CVE-2012-3591.json | 170 +++++++++++----------- 2012/3xxx/CVE-2012-3974.json | 180 ++++++++++++------------ 2012/4xxx/CVE-2012-4024.json | 190 ++++++++++++------------- 2012/4xxx/CVE-2012-4290.json | 230 +++++++++++++++--------------- 2012/4xxx/CVE-2012-4541.json | 140 +++++++++--------- 2012/4xxx/CVE-2012-4568.json | 140 +++++++++--------- 2012/4xxx/CVE-2012-4690.json | 140 +++++++++--------- 2012/4xxx/CVE-2012-4958.json | 130 ++++++++--------- 2012/6xxx/CVE-2012-6350.json | 130 ++++++++--------- 2017/2xxx/CVE-2017-2070.json | 34 ++--- 2017/2xxx/CVE-2017-2501.json | 180 ++++++++++++------------ 2017/2xxx/CVE-2017-2910.json | 34 ++--- 2017/6xxx/CVE-2017-6235.json | 34 ++--- 2017/6xxx/CVE-2017-6317.json | 170 +++++++++++----------- 2017/6xxx/CVE-2017-6571.json | 130 ++++++++--------- 2018/11xxx/CVE-2018-11121.json | 34 ++--- 2018/11xxx/CVE-2018-11946.json | 130 ++++++++--------- 2018/11xxx/CVE-2018-11964.json | 120 ++++++++-------- 2018/14xxx/CVE-2018-14406.json | 34 ++--- 2018/15xxx/CVE-2018-15441.json | 178 +++++++++++------------ 2018/15xxx/CVE-2018-15548.json | 34 ++--- 2018/20xxx/CVE-2018-20101.json | 120 ++++++++-------- 2018/20xxx/CVE-2018-20219.json | 34 ++--- 2018/8xxx/CVE-2018-8231.json | 240 +++++++++++++++---------------- 54 files changed, 3837 insertions(+), 3837 deletions(-) diff --git a/2002/0xxx/CVE-2002-0121.json b/2002/0xxx/CVE-2002-0121.json index 407d43c0a5c..51dccfef7fb 100644 --- a/2002/0xxx/CVE-2002-0121.json +++ b/2002/0xxx/CVE-2002-0121.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020113 PHP 4.x session spoofing", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/250196" - }, - { - "name" : "3873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3873" - }, - { - "name" : "php-session-temp-disclosure(7908)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7908.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3873" + }, + { + "name": "php-session-temp-disclosure(7908)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7908.php" + }, + { + "name": "20020113 PHP 4.x session spoofing", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/250196" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0282.json b/2002/0xxx/CVE-2002-0282.json index 659670a40bf..4133bb84fa4 100644 --- a/2002/0xxx/CVE-2002-0282.json +++ b/2002/0xxx/CVE-2002-0282.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020228 [ARL02-A04] DCP-Portal System Information Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101494497608620&w=2" - }, - { - "name" : "20020215 [ARL02-A02] DCP-Portal Root Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101379160830631&w=2" - }, - { - "name" : "http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1", - "refsource" : "CONFIRM", - "url" : "http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1" - }, - { - "name" : "4113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4113" - }, - { - "name" : "dcpportal-adduser-path-disclosure(8196)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8196" - }, - { - "name" : "dcpportal-language-path-disclosure(8310)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8310.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dcpportal-adduser-path-disclosure(8196)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8196" + }, + { + "name": "http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1", + "refsource": "CONFIRM", + "url": "http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1" + }, + { + "name": "4113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4113" + }, + { + "name": "20020215 [ARL02-A02] DCP-Portal Root Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101379160830631&w=2" + }, + { + "name": "20020228 [ARL02-A04] DCP-Portal System Information Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101494497608620&w=2" + }, + { + "name": "dcpportal-language-path-disclosure(8310)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8310.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0309.json b/2002/0xxx/CVE-2002-0309.json index d8904cd01f4..d39b9904ad0 100644 --- a/2002/0xxx/CVE-2002-0309.json +++ b/2002/0xxx/CVE-2002-0309.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101430810813853&w=2" - }, - { - "name" : "20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101424307617060&w=2" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html" - }, - { - "name" : "4141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4141" - }, - { - "name" : "sef-smtp-proxy-information(8251)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8251.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101424307617060&w=2" + }, + { + "name": "sef-smtp-proxy-information(8251)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8251.php" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html" + }, + { + "name": "20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101430810813853&w=2" + }, + { + "name": "4141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4141" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0347.json b/2002/0xxx/CVE-2002-0347.json index 5171b032b4e..ed4c32664db 100644 --- a/2002/0xxx/CVE-2002-0347.json +++ b/2002/0xxx/CVE-2002-0347.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101495944202452&w=2" - }, - { - "name" : "4208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4208" - }, - { - "name" : "cobalt-raq-directory-traversal(8322)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8322.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101495944202452&w=2" + }, + { + "name": "4208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4208" + }, + { + "name": "cobalt-raq-directory-traversal(8322)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8322.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0586.json b/2002/0xxx/CVE-2002-0586.json index f838c1dbb0f..225bb554e15 100644 --- a/2002/0xxx/CVE-2002-0586.json +++ b/2002/0xxx/CVE-2002-0586.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152" - }, - { - "name" : "4535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4535" - }, - { - "name" : "aolserver-dbproxy-format-string(8860)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8860.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aolserver-dbproxy-format-string(8860)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8860.php" + }, + { + "name": "20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html" + }, + { + "name": "4535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4535" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1391.json b/2002/1xxx/CVE-2002-1391.json index f7962fa4407..f6f2b8eab41 100644 --- a/2002/1xxx/CVE-2002-1391.json +++ b/2002/1xxx/CVE-2002-1391.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty", - "refsource" : "CONFIRM", - "url" : "http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty" - }, - { - "name" : "CSSA-2003-021.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt" - }, - { - "name" : "GLSA-200304-09", - "refsource" : "GENTOO", - "url" : "http://marc.info/?l=bugtraq&m=105154413326136&w=2" - }, - { - "name" : "RHSA-2003:008", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-008.html" - }, - { - "name" : "RHSA-2003:036", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-036.html" - }, - { - "name" : "7303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7303" - }, - { - "name" : "mgetty-cndprogram-callername-bo(11072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mgetty-cndprogram-callername-bo(11072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11072" + }, + { + "name": "RHSA-2003:036", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-036.html" + }, + { + "name": "7303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7303" + }, + { + "name": "CSSA-2003-021.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt" + }, + { + "name": "GLSA-200304-09", + "refsource": "GENTOO", + "url": "http://marc.info/?l=bugtraq&m=105154413326136&w=2" + }, + { + "name": "RHSA-2003:008", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-008.html" + }, + { + "name": "http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty", + "refsource": "CONFIRM", + "url": "http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1620.json b/2002/1xxx/CVE-2002-1620.json index 61998765e6d..3f610f804d5 100644 --- a/2002/1xxx/CVE-2002-1620.json +++ b/2002/1xxx/CVE-2002-1620.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY20699", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY20699&apar=only" - }, - { - "name" : "IY28063", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY28063&apar=only" - }, - { - "name" : "IY28065", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY28065&apar=only" - }, - { - "name" : "VU#640827", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/640827" - }, - { - "name" : "aix-pssp-information-disclosure(10671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY28063", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY28063&apar=only" + }, + { + "name": "VU#640827", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/640827" + }, + { + "name": "IY28065", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY28065&apar=only" + }, + { + "name": "IY20699", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY20699&apar=only" + }, + { + "name": "aix-pssp-information-disclosure(10671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10671" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2120.json b/2002/2xxx/CVE-2002-2120.json index 3d6ab0271b6..eb30166ee10 100644 --- a/2002/2xxx/CVE-2002-2120.json +++ b/2002/2xxx/CVE-2002-2120.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020531 Multiple vulnerabilities in QNX", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html" - }, - { - "name" : "20020601 Re: Multiple vulnerabilities in QNX", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0293.html" - }, - { - "name" : "4905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4905" - }, - { - "name" : "4906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4906" - }, - { - "name" : "qnx-rtos-watcom-bo(9235)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9235.php" - }, - { - "name" : "qnx-rtos-int10-bo(9236)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9236.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4906" + }, + { + "name": "20020531 Multiple vulnerabilities in QNX", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html" + }, + { + "name": "qnx-rtos-int10-bo(9236)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9236.php" + }, + { + "name": "20020601 Re: Multiple vulnerabilities in QNX", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0293.html" + }, + { + "name": "4905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4905" + }, + { + "name": "qnx-rtos-watcom-bo(9235)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9235.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2175.json b/2002/2xxx/CVE-2002-2175.json index 962869e827b..625951604f1 100644 --- a/2002/2xxx/CVE-2002-2175.json +++ b/2002/2xxx/CVE-2002-2175.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020623 phpsquidpass: unauthorized user deleting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102508071021631&w=2" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=188359", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=188359" - }, - { - "name" : "phpsquidpass-user-deletion(9417)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9417.php" - }, - { - "name" : "5090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpsquidpass-user-deletion(9417)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9417.php" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=188359", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=188359" + }, + { + "name": "20020623 phpsquidpass: unauthorized user deleting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102508071021631&w=2" + }, + { + "name": "5090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5090" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0281.json b/2005/0xxx/CVE-2005-0281.json index ef5628767f4..9dd4891e50e 100644 --- a/2005/0xxx/CVE-2005-0281.json +++ b/2005/0xxx/CVE-2005-0281.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050104 Socket termination, format string and XSS in Soldner Secret Wars", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110486654213504&w=2" - }, - { - "name" : "12162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12162" - }, - { - "name" : "13716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13716" - }, - { - "name" : "soldner-secret-wars-xss(18753)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12162" + }, + { + "name": "13716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13716" + }, + { + "name": "20050104 Socket termination, format string and XSS in Soldner Secret Wars", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110486654213504&w=2" + }, + { + "name": "soldner-secret-wars-xss(18753)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18753" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1197.json b/2005/1xxx/CVE-2005-1197.json index c0b4a500e4d..243f8f5832d 100644 --- a/2005/1xxx/CVE-2005-1197.json +++ b/2005/1xxx/CVE-2005-1197.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050418 [AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111385690419118&w=2" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf" - }, - { - "name" : "TA05-117A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-117A.html" - }, - { - "name" : "VU#948486", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/948486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050418 [AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111385690419118&w=2" + }, + { + "name": "VU#948486", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/948486" + }, + { + "name": "TA05-117A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-117A.html" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1259.json b/2005/1xxx/CVE-2005-1259.json index 7fe4d6cf46e..13a30473099 100644 --- a/2005/1xxx/CVE-2005-1259.json +++ b/2005/1xxx/CVE-2005-1259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1362.json b/2005/1xxx/CVE-2005-1362.json index 70f9bb550eb..e90f1ed9375 100644 --- a/2005/1xxx/CVE-2005-1362.json +++ b/2005/1xxx/CVE-2005-1362.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6) chkPrice, (7) intPrice, (8) chkCat, or (9) strCat parameters to searchAction.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050426 Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111454090503662&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6) chkPrice, (7) intPrice, (8) chkCat, or (9) strCat parameters to searchAction.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050426 Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111454090503662&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1570.json b/2005/1xxx/CVE-2005-1570.json index 8f4a84a54fa..547cf24d2c6 100644 --- a/2005/1xxx/CVE-2005-1570.json +++ b/2005/1xxx/CVE-2005-1570.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1013934", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013934", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013934" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1592.json b/2005/1xxx/CVE-2005-1592.json index b28d391a29d..200b3399fcd 100644 --- a/2005/1xxx/CVE-2005-1592.json +++ b/2005/1xxx/CVE-2005-1592.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple \"javascript vulerabilities in BB code\" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=324788", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=324788" - }, - { - "name" : "15206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple \"javascript vulerabilities in BB code\" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15206" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=324788", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=324788" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1847.json b/2005/1xxx/CVE-2005-1847.json index ba0ed57388f..95854d6172b 100644 --- a/2005/1xxx/CVE-2005-1847.json +++ b/2005/1xxx/CVE-2005-1847.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2005-1847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html", - "refsource" : "CONFIRM", - "url" : "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html" - }, - { - "name" : "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html", - "refsource" : "CONFIRM", - "url" : "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html", + "refsource": "CONFIRM", + "url": "http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html" + }, + { + "name": "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html", + "refsource": "CONFIRM", + "url": "http://www.vuxml.org/freebsd/99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0004.json b/2009/0xxx/CVE-2009-0004.json index b4bcde189cf..10f3e9d30a2 100644 --- a/2009/0xxx/CVE-2009-0004.json +++ b/2009/0xxx/CVE-2009-0004.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3403", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3403" - }, - { - "name" : "APPLE-SA-2009-01-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html" - }, - { - "name" : "TA09-022A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-022A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6211", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6211" - }, - { - "name" : "ADV-2009-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0212" - }, - { - "name" : "33632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33632" - }, - { - "name" : "quicktime-mpeg2-bo(48157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6211", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6211" + }, + { + "name": "TA09-022A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-022A.html" + }, + { + "name": "quicktime-mpeg2-bo(48157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48157" + }, + { + "name": "APPLE-SA-2009-01-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html" + }, + { + "name": "ADV-2009-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0212" + }, + { + "name": "http://support.apple.com/kb/HT3403", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3403" + }, + { + "name": "33632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33632" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0833.json b/2009/0xxx/CVE-2009-0833.json index 4b23bbd9557..fc39785fbf1 100644 --- a/2009/0xxx/CVE-2009-0833.json +++ b/2009/0xxx/CVE-2009-0833.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7696", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7696" - }, - { - "name" : "33159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33159" - }, - { - "name" : "oval:org.mitre.oval:def:15659", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15659" - }, - { - "name" : "33425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7696", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7696" + }, + { + "name": "33159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33159" + }, + { + "name": "33425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33425" + }, + { + "name": "oval:org.mitre.oval:def:15659", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15659" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0884.json b/2009/0xxx/CVE-2009-0884.json index d48d48a1435..bbdd03f5389 100644 --- a/2009/0xxx/CVE-2009-0884.json +++ b/2009/0xxx/CVE-2009-0884.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://filezilla-project.org/index.php", - "refsource" : "CONFIRM", - "url" : "http://filezilla-project.org/index.php" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=665428", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=665428" - }, - { - "name" : "34006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34006" - }, - { - "name" : "1021812", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021812" - }, - { - "name" : "34089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34089" - }, - { - "name" : "ADV-2009-0603", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0603" - }, - { - "name" : "filezillaserver-ssltls-dos(49107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=665428", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=665428" + }, + { + "name": "34006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34006" + }, + { + "name": "1021812", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021812" + }, + { + "name": "34089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34089" + }, + { + "name": "filezillaserver-ssltls-dos(49107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49107" + }, + { + "name": "http://filezilla-project.org/index.php", + "refsource": "CONFIRM", + "url": "http://filezilla-project.org/index.php" + }, + { + "name": "ADV-2009-0603", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0603" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0930.json b/2009/0xxx/CVE-2009-0930.json index 151b6962df6..869588b6ef5 100644 --- a/2009/0xxx/CVE-2009-0930.json +++ b/2009/0xxx/CVE-2009-0930.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20090127 IMP 4.2.2 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2009/000484.html" - }, - { - "name" : "[announce] 20090127 IMP 4.3.3 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2009/000485.html" - }, - { - "name" : "http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3" - }, - { - "name" : "http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375" - }, - { - "name" : "DSA-1770", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1770" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "33492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33492" - }, - { - "name" : "33719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33719" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - }, - { - "name" : "34703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "33719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33719" + }, + { + "name": "DSA-1770", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1770" + }, + { + "name": "http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3" + }, + { + "name": "[announce] 20090127 IMP 4.2.2 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2009/000484.html" + }, + { + "name": "34703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34703" + }, + { + "name": "[announce] 20090127 IMP 4.3.3 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2009/000485.html" + }, + { + "name": "33492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33492" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1284.json b/2009/1xxx/CVE-2009-1284.json index 348d35c33e1..12be52a54a4 100644 --- a/2009/1xxx/CVE-2009-1284.json +++ b/2009/1xxx/CVE-2009-1284.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090401 CVE request -- bibtex, pam_ssh", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/04/01/8" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=492136", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=492136" - }, - { - "name" : "FEDORA-2009-10730", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00505.html" - }, - { - "name" : "FEDORA-2009-10857", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00507.html" - }, - { - "name" : "GLSA-201206-28", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-28.xml" - }, - { - "name" : "USN-937-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-937-1" - }, - { - "name" : "34445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090401 CVE request -- bibtex, pam_ssh", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/04/01/8" + }, + { + "name": "GLSA-201206-28", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-28.xml" + }, + { + "name": "FEDORA-2009-10730", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00505.html" + }, + { + "name": "34445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34445" + }, + { + "name": "FEDORA-2009-10857", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00507.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=492136", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=492136" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920" + }, + { + "name": "USN-937-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-937-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1950.json b/2009/1xxx/CVE-2009-1950.json index 31f1e685a4f..7af053f7c85 100644 --- a/2009/1xxx/CVE-2009-1950.json +++ b/2009/1xxx/CVE-2009-1950.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8859", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8859" - }, - { - "name" : "35290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8859", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8859" + }, + { + "name": "35290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35290" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0389.json b/2012/0xxx/CVE-2012-0389.json index f356fc84a28..610cbd81191 100644 --- a/2012/0xxx/CVE-2012-0389.json +++ b/2012/0xxx/CVE-2012-0389.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120112 ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html" - }, - { - "name" : "18447", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18447" - }, - { - "name" : "http://www.nerv.fi/CVE-2012-0389.txt", - "refsource" : "MISC", - "url" : "http://www.nerv.fi/CVE-2012-0389.txt" - }, - { - "name" : "http://www.mailenable.com/kb/Content/Article.asp?ID=me020567", - "refsource" : "CONFIRM", - "url" : "http://www.mailenable.com/kb/Content/Article.asp?ID=me020567" - }, - { - "name" : "51401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51401" - }, - { - "name" : "78242", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78242" - }, - { - "name" : "1026519", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026519" - }, - { - "name" : "47518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47518" - }, - { - "name" : "47562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47562" - }, - { - "name" : "mailenable-forgottenpassword-xss(72380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47518" + }, + { + "name": "1026519", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026519" + }, + { + "name": "51401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51401" + }, + { + "name": "20120112 ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html" + }, + { + "name": "78242", + "refsource": "OSVDB", + "url": "http://osvdb.org/78242" + }, + { + "name": "http://www.nerv.fi/CVE-2012-0389.txt", + "refsource": "MISC", + "url": "http://www.nerv.fi/CVE-2012-0389.txt" + }, + { + "name": "http://www.mailenable.com/kb/Content/Article.asp?ID=me020567", + "refsource": "CONFIRM", + "url": "http://www.mailenable.com/kb/Content/Article.asp?ID=me020567" + }, + { + "name": "mailenable-forgottenpassword-xss(72380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72380" + }, + { + "name": "47562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47562" + }, + { + "name": "18447", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18447" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2099.json b/2012/2xxx/CVE-2012-2099.json index 573799cdc85..b7d9c41c10b 100644 --- a/2012/2xxx/CVE-2012-2099.json +++ b/2012/2xxx/CVE-2012-2099.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120310 Wikidforum 2.10 Multiple security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0046.html" - }, - { - "name" : "[oss-security] 20120412 CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/12/5" - }, - { - "name" : "[oss-security] 20120412 Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/12/12" - }, - { - "name" : "http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt", - "refsource" : "MISC", - "url" : "http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt" - }, - { - "name" : "http://www.wikidforum.com/forum/forum-software_29/wikidforum-support_31/sschadv2012-005-unfixed-xss-and-sql-injection-security-vulnerabilities_188.html", - "refsource" : "MISC", - "url" : "http://www.wikidforum.com/forum/forum-software_29/wikidforum-support_31/sschadv2012-005-unfixed-xss-and-sql-injection-security-vulnerabilities_188.html" - }, - { - "name" : "52425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52425" - }, - { - "name" : "80838", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80838" - }, - { - "name" : "80839", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80839" - }, - { - "name" : "wikidforum-search-xss(73985)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wikidforum.com/forum/forum-software_29/wikidforum-support_31/sschadv2012-005-unfixed-xss-and-sql-injection-security-vulnerabilities_188.html", + "refsource": "MISC", + "url": "http://www.wikidforum.com/forum/forum-software_29/wikidforum-support_31/sschadv2012-005-unfixed-xss-and-sql-injection-security-vulnerabilities_188.html" + }, + { + "name": "20120310 Wikidforum 2.10 Multiple security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0046.html" + }, + { + "name": "80838", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80838" + }, + { + "name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt", + "refsource": "MISC", + "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt" + }, + { + "name": "[oss-security] 20120412 Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/12/12" + }, + { + "name": "[oss-security] 20120412 CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/12/5" + }, + { + "name": "52425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52425" + }, + { + "name": "80839", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80839" + }, + { + "name": "wikidforum-search-xss(73985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73985" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2417.json b/2012/2xxx/CVE-2012-2417.json index edcfb71163d..723801b2848 100644 --- a/2012/2xxx/CVE-2012-2417.json +++ b/2012/2xxx/CVE-2012-2417.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120524 CVE-2012-2417 - PyCrypto <= 2.5 insecure ElGamal key generation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/25/1" - }, - { - "name" : "https://bugs.launchpad.net/pycrypto/+bug/985164", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/pycrypto/+bug/985164" - }, - { - "name" : "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2", - "refsource" : "MISC", - "url" : "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2" - }, - { - "name" : "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog" - }, - { - "name" : "DSA-2502", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2502" - }, - { - "name" : "FEDORA-2012-8392", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html" - }, - { - "name" : "FEDORA-2012-8470", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html" - }, - { - "name" : "FEDORA-2012-8490", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html" - }, - { - "name" : "MDVSA-2012:117", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117" - }, - { - "name" : "openSUSE-SU-2012:0830", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15083589" - }, - { - "name" : "53687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53687" - }, - { - "name" : "82279", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82279" - }, - { - "name" : "49263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49263" - }, - { - "name" : "pycrypto-keys-weak-security(75871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2502", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2502" + }, + { + "name": "82279", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82279" + }, + { + "name": "FEDORA-2012-8470", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html" + }, + { + "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2", + "refsource": "MISC", + "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2" + }, + { + "name": "MDVSA-2012:117", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117" + }, + { + "name": "53687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53687" + }, + { + "name": "https://bugs.launchpad.net/pycrypto/+bug/985164", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/pycrypto/+bug/985164" + }, + { + "name": "FEDORA-2012-8392", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html" + }, + { + "name": "49263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49263" + }, + { + "name": "FEDORA-2012-8490", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html" + }, + { + "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto <= 2.5 insecure ElGamal key generation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1" + }, + { + "name": "openSUSE-SU-2012:0830", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15083589" + }, + { + "name": "pycrypto-keys-weak-security(75871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871" + }, + { + "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2444.json b/2012/2xxx/CVE-2012-2444.json index aa603b5b513..2f4d63ad264 100644 --- a/2012/2xxx/CVE-2012-2444.json +++ b/2012/2xxx/CVE-2012-2444.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2444", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2444", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2450.json b/2012/2xxx/CVE-2012-2450.json index ab3090b3271..606edacbc1f 100644 --- a/2012/2xxx/CVE-2012-2450.json +++ b/2012/2xxx/CVE-2012-2450.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2012-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2012-0009.html" - }, - { - "name" : "53369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53369" - }, - { - "name" : "81695", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81695" - }, - { - "name" : "oval:org.mitre.oval:def:16852", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16852" - }, - { - "name" : "1027019", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027019" - }, - { - "name" : "49032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49032" - }, - { - "name" : "esxserver-scsi-priv-esc(75377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "esxserver-scsi-priv-esc(75377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75377" + }, + { + "name": "oval:org.mitre.oval:def:16852", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16852" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2012-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2012-0009.html" + }, + { + "name": "49032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49032" + }, + { + "name": "53369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53369" + }, + { + "name": "81695", + "refsource": "OSVDB", + "url": "http://osvdb.org/81695" + }, + { + "name": "1027019", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027019" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3321.json b/2012/3xxx/CVE-2012-3321.json index 0be10de2209..6111c762533 100644 --- a/2012/3xxx/CVE-2012-3321.json +++ b/2012/3xxx/CVE-2012-3321.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" - }, - { - "name" : "IV25198", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198" - }, - { - "name" : "mam-expiredpassword-security-bypass(77916)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mam-expiredpassword-security-bypass(77916)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77916" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" + }, + { + "name": "IV25198", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3390.json b/2012/3xxx/CVE-2012-3390.json index 6833d804f57..da427e0d73b 100644 --- a/2012/3xxx/CVE-2012-3390.json +++ b/2012/3xxx/CVE-2012-3390.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120717 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/07/17/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d" - }, - { - "name" : "54481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54481" - }, - { - "name" : "49890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49890" - }, - { - "name" : "moodle-pluginfile-sec-bypass(76956)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d" + }, + { + "name": "49890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49890" + }, + { + "name": "[oss-security] 20120717 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/07/17/1" + }, + { + "name": "54481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54481" + }, + { + "name": "moodle-pluginfile-sec-bypass(76956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76956" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3420.json b/2012/3xxx/CVE-2012-3420.json index 478312d5e98..448a8866c4b 100644 --- a/2012/3xxx/CVE-2012-3420.json +++ b/2012/3xxx/CVE-2012-3420.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120816 pcp: Multiple security flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/16/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=841298", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=841298" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=841319", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=841319" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=841704", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=841704" - }, - { - "name" : "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6", - "refsource" : "CONFIRM", - "url" : "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6" - }, - { - "name" : "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4", - "refsource" : "CONFIRM", - "url" : "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4" - }, - { - "name" : "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae", - "refsource" : "CONFIRM", - "url" : "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae" - }, - { - "name" : "DSA-2533", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2533" - }, - { - "name" : "FEDORA-2012-12024", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html" - }, - { - "name" : "FEDORA-2012-12076", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html" - }, - { - "name" : "openSUSE-SU-2012:1079", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15540133" - }, - { - "name" : "openSUSE-SU-2012:1081", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15540172" - }, - { - "name" : "openSUSE-SU-2012:1036", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15471040" - }, - { - "name" : "SUSE-SU-2013:0190", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6", + "refsource": "CONFIRM", + "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6" + }, + { + "name": "openSUSE-SU-2012:1079", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15540133" + }, + { + "name": "openSUSE-SU-2012:1081", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15540172" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841319", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319" + }, + { + "name": "[oss-security] 20120816 pcp: Multiple security flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1" + }, + { + "name": "FEDORA-2012-12076", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html" + }, + { + "name": "openSUSE-SU-2012:1036", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15471040" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841704", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704" + }, + { + "name": "FEDORA-2012-12024", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841298", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298" + }, + { + "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4", + "refsource": "CONFIRM", + "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4" + }, + { + "name": "SUSE-SU-2013:0190", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html" + }, + { + "name": "DSA-2533", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2533" + }, + { + "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae", + "refsource": "CONFIRM", + "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3591.json b/2012/3xxx/CVE-2012-3591.json index 4753d087f43..0d8568cf65a 100644 --- a/2012/3xxx/CVE-2012-3591.json +++ b/2012/3xxx/CVE-2012-3591.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3974.json b/2012/3xxx/CVE-2012-3974.json index df832483169..2de676513e1 100644 --- a/2012/3xxx/CVE-2012-3974.json +++ b/2012/3xxx/CVE-2012-3974.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-67.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-67.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=770478", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=770478" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "55312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55312" - }, - { - "name" : "oval:org.mitre.oval:def:16692", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55312" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-67.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-67.html" + }, + { + "name": "oval:org.mitre.oval:def:16692", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16692" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=770478", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=770478" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4024.json b/2012/4xxx/CVE-2012-4024.json index 33c77424138..6e3b6aa9308 100644 --- a/2012/4xxx/CVE-2012-4024.json +++ b/2012/4xxx/CVE-2012-4024.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/19/6" - }, - { - "name" : "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel", - "refsource" : "MISC", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001" - }, - { - "name" : "GLSA-201612-40", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-40" - }, - { - "name" : "MDVSA-2013:128", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128" - }, - { - "name" : "54610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54610" - }, - { - "name" : "83898", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/83898" - }, - { - "name" : "squashfs-getcomponent-bo(77106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/19/6" + }, + { + "name": "83898", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/83898" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001" + }, + { + "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel", + "refsource": "MISC", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel" + }, + { + "name": "54610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54610" + }, + { + "name": "GLSA-201612-40", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-40" + }, + { + "name": "MDVSA-2013:128", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128" + }, + { + "name": "squashfs-getcomponent-bo(77106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77106" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4290.json b/2012/4xxx/CVE-2012-4290.json index 96ca704f77f..40d98f6385a 100644 --- a/2012/4xxx/CVE-2012-4290.json +++ b/2012/4xxx/CVE-2012-4290.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-23.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7573", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7573" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "RHSA-2013:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0125.html" - }, - { - "name" : "openSUSE-SU-2012:1067", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15514562" - }, - { - "name" : "openSUSE-SU-2012:1035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" - }, - { - "name" : "55035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55035" - }, - { - "name" : "oval:org.mitre.oval:def:15619", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15619" - }, - { - "name" : "51363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51363" - }, - { - "name" : "50276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50276" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55035" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "RHSA-2013:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0125.html" + }, + { + "name": "oval:org.mitre.oval:def:15619", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15619" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7573", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7573" + }, + { + "name": "51363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51363" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-23.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-23.html" + }, + { + "name": "openSUSE-SU-2012:1035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" + }, + { + "name": "50276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50276" + }, + { + "name": "openSUSE-SU-2012:1067", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15514562" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4541.json b/2012/4xxx/CVE-2012-4541.json index 222bcc5f55b..0ff1a749713 100644 --- a/2012/4xxx/CVE-2012-4541.json +++ b/2012/4xxx/CVE-2012-4541.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121022 Re: CVE request: XSS in piwik before 1.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/22/1" - }, - { - "name" : "[oss-security] 20121023 Re: CVE request: XSS in piwik before 1.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/23/2" - }, - { - "name" : "http://piwik.org/blog/2012/10/piwik-1-9/", - "refsource" : "CONFIRM", - "url" : "http://piwik.org/blog/2012/10/piwik-1-9/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://piwik.org/blog/2012/10/piwik-1-9/", + "refsource": "CONFIRM", + "url": "http://piwik.org/blog/2012/10/piwik-1-9/" + }, + { + "name": "[oss-security] 20121022 Re: CVE request: XSS in piwik before 1.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/22/1" + }, + { + "name": "[oss-security] 20121023 Re: CVE request: XSS in piwik before 1.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/23/2" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4568.json b/2012/4xxx/CVE-2012-4568.json index 38bc72f8c7a..ebd9d9a5481 100644 --- a/2012/4xxx/CVE-2012-4568.json +++ b/2012/4xxx/CVE-2012-4568.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121005 CVE request: LetoDMS, more issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/06/1" - }, - { - "name" : "[oss-security] 20121031 CVE request: LetoDMS, more issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/31/7" - }, - { - "name" : "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121005 CVE request: LetoDMS, more issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/06/1" + }, + { + "name": "[oss-security] 20121031 CVE request: LetoDMS, more issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/31/7" + }, + { + "name": "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4690.json b/2012/4xxx/CVE-2012-4690.json index 399a22a288b..90d19ca7ba6 100644 --- a/2012/4xxx/CVE-2012-4690.json +++ b/2012/4xxx/CVE-2012-4690.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-4690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-342-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-342-01.pdf" - }, - { - "name" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/511407", - "refsource" : "MISC", - "url" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/511407" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-342-01A", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-342-01A" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-342-01A", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-342-01A" + }, + { + "name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/511407", + "refsource": "MISC", + "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/511407" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-342-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-342-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4958.json b/2012/4xxx/CVE-2012-4958.json index b6a463a2213..932ca5e95c9 100644 --- a/2012/4xxx/CVE-2012-4958.json +++ b/2012/4xxx/CVE-2012-4958.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959" - }, - { - "name" : "VU#273371", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/273371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#273371", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/273371" + }, + { + "name": "https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6350.json b/2012/6xxx/CVE-2012-6350.json index 51370ddf644..7c1e4ed1124 100644 --- a/2012/6xxx/CVE-2012-6350.json +++ b/2012/6xxx/CVE-2012-6350.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-6350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621782", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621782" - }, - { - "name" : "cognos-tm1-web-xss(80670)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621782", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621782" + }, + { + "name": "cognos-tm1-web-xss(80670)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80670" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2070.json b/2017/2xxx/CVE-2017-2070.json index 7753b945f26..9f55b50bacd 100644 --- a/2017/2xxx/CVE-2017-2070.json +++ b/2017/2xxx/CVE-2017-2070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2070", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2070", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2501.json b/2017/2xxx/CVE-2017-2501.json index 13127a29fa4..d19d1ac3ac2 100644 --- a/2017/2xxx/CVE-2017-2501.json +++ b/2017/2xxx/CVE-2017-2501.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"Kernel\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42054", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42054/" - }, - { - "name" : "https://support.apple.com/HT207797", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207797" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207800", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207800" - }, - { - "name" : "https://support.apple.com/HT207801", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207801" - }, - { - "name" : "98468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98468" - }, - { - "name" : "1038484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"Kernel\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038484" + }, + { + "name": "https://support.apple.com/HT207797", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207797" + }, + { + "name": "https://support.apple.com/HT207800", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207800" + }, + { + "name": "98468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98468" + }, + { + "name": "42054", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42054/" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + }, + { + "name": "https://support.apple.com/HT207801", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207801" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2910.json b/2017/2xxx/CVE-2017-2910.json index f7c70da333e..0c4319cf14d 100644 --- a/2017/2xxx/CVE-2017-2910.json +++ b/2017/2xxx/CVE-2017-2910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6235.json b/2017/6xxx/CVE-2017-6235.json index baaee886bf5..11aa1669534 100644 --- a/2017/6xxx/CVE-2017-6235.json +++ b/2017/6xxx/CVE-2017-6235.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6235", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6235", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6317.json b/2017/6xxx/CVE-2017-6317.json index d1ce0aa1b10..119297230e5 100644 --- a/2017/6xxx/CVE-2017-6317.json +++ b/2017/6xxx/CVE-2017-6317.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170225 CVE-2017-6317 Virglrenderer: memory leakage issue in add_shader_program", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/24/5" - }, - { - "name" : "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0", - "refsource" : "MLIST", - "url" : "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1426756", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1426756" - }, - { - "name" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4" - }, - { - "name" : "GLSA-201707-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-06" - }, - { - "name" : "96450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201707-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-06" + }, + { + "name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0", + "refsource": "MLIST", + "url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html" + }, + { + "name": "[oss-security] 20170225 CVE-2017-6317 Virglrenderer: memory leakage issue in add_shader_program", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/24/5" + }, + { + "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1426756", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426756" + }, + { + "name": "96450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96450" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6571.json b/2017/6xxx/CVE-2017-6571.json index c630a9f6007..bb9faea6cc9 100644 --- a/2017/6xxx/CVE-2017-6571.json +++ b/2017/6xxx/CVE-2017-6571.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", - "refsource" : "MISC", - "url" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" - }, - { - "name" : "96783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96783" + }, + { + "name": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", + "refsource": "MISC", + "url": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11121.json b/2018/11xxx/CVE-2018-11121.json index 7f3abf8b187..15e69faa639 100644 --- a/2018/11xxx/CVE-2018-11121.json +++ b/2018/11xxx/CVE-2018-11121.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11121", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11121", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11946.json b/2018/11xxx/CVE-2018-11946.json index a999d5bb1cf..8e819368a4f 100644 --- a/2018/11xxx/CVE-2018-11946.json +++ b/2018/11xxx/CVE-2018-11946.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/qsdk/oss/system/feeds/routing/commit/?id=3f625190fb469cb56de619eae6b5ca8db2463d5b", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/qsdk/oss/system/feeds/routing/commit/?id=3f625190fb469cb56de619eae6b5ca8db2463d5b" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/qsdk/oss/system/feeds/routing/commit/?id=3f625190fb469cb56de619eae6b5ca8db2463d5b", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/qsdk/oss/system/feeds/routing/commit/?id=3f625190fb469cb56de619eae6b5ca8db2463d5b" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11964.json b/2018/11xxx/CVE-2018-11964.json index e17878012dc..c04dc4383fc 100644 --- a/2018/11xxx/CVE-2018-11964.json +++ b/2018/11xxx/CVE-2018-11964.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Permissions, Privileges and Access Controls in Yocto" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permissions, Privileges and Access Controls in Yocto" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14406.json b/2018/14xxx/CVE-2018-14406.json index 26edae32115..776151e2d03 100644 --- a/2018/14xxx/CVE-2018-14406.json +++ b/2018/14xxx/CVE-2018-14406.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14406", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14406", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15441.json b/2018/15xxx/CVE-2018-15441.json index c49e4b5fb8d..e800967ba40 100644 --- a/2018/15xxx/CVE-2018-15441.json +++ b/2018/15xxx/CVE-2018-15441.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-11-28T16:00:00-0600", - "ID" : "CVE-2018-15441", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Prime License Manager SQL Injection Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime License Manager ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "9.4", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-11-28T16:00:00-0600", + "ID": "CVE-2018-15441", + "STATE": "PUBLIC", + "TITLE": "Cisco Prime License Manager SQL Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime License Manager ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181128 Cisco Prime License Manager SQL Injection Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject" - }, - { - "name" : "106039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106039" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181128-plm-sql-inject", - "defect" : [ - [ - "CSCvk30822" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "9.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106039" + }, + { + "name": "20181128 Cisco Prime License Manager SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181128-plm-sql-inject", + "defect": [ + [ + "CSCvk30822" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15548.json b/2018/15xxx/CVE-2018-15548.json index 82080fcd4cb..7d1783933b2 100644 --- a/2018/15xxx/CVE-2018-15548.json +++ b/2018/15xxx/CVE-2018-15548.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15548", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15548", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20101.json b/2018/20xxx/CVE-2018-20101.json index 8cf03d26382..e345f5315d9 100644 --- a/2018/20xxx/CVE-2018-20101.json +++ b/2018/20xxx/CVE-2018-20101.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The codection \"Import users from CSV with meta\" plugin before 1.12.1 for WordPress allows XSS via the value of a cell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The codection \"Import users from CSV with meta\" plugin before 1.12.1 for WordPress allows XSS via the value of a cell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20219.json b/2018/20xxx/CVE-2018-20219.json index 76627cb4311..9e03b1ea8a4 100644 --- a/2018/20xxx/CVE-2018-20219.json +++ b/2018/20xxx/CVE-2018-20219.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20219", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20219", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8231.json b/2018/8xxx/CVE-2018-8231.json index 655181bfcb7..9840569958c 100644 --- a/2018/8xxx/CVE-2018-8231.json +++ b/2018/8xxx/CVE-2018-8231.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka \"HTTP Protocol Stack Remote Code Execution Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8231", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8231" - }, - { - "name" : "104373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104373" - }, - { - "name" : "1041094", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka \"HTTP Protocol Stack Remote Code Execution Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8231", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8231" + }, + { + "name": "104373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104373" + }, + { + "name": "1041094", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041094" + } + ] + } +} \ No newline at end of file