From 99b5e3d2e2c350403cc39f370f4572cf2f8a1867 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 03:21:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0126.json | 150 +++++++++---------
2002/0xxx/CVE-2002-0150.json | 200 ++++++++++++------------
2002/0xxx/CVE-2002-0336.json | 140 ++++++++---------
2002/0xxx/CVE-2002-0529.json | 140 ++++++++---------
2002/1xxx/CVE-2002-1048.json | 150 +++++++++---------
2002/1xxx/CVE-2002-1685.json | 140 ++++++++---------
2002/1xxx/CVE-2002-1761.json | 120 +++++++--------
2002/2xxx/CVE-2002-2023.json | 130 ++++++++--------
2002/2xxx/CVE-2002-2305.json | 130 ++++++++--------
2003/0xxx/CVE-2003-0368.json | 150 +++++++++---------
2003/0xxx/CVE-2003-0826.json | 170 ++++++++++-----------
2005/1xxx/CVE-2005-1008.json | 130 ++++++++--------
2005/1xxx/CVE-2005-1075.json | 180 +++++++++++-----------
2005/1xxx/CVE-2005-1245.json | 160 +++++++++----------
2009/1xxx/CVE-2009-1137.json | 200 ++++++++++++------------
2009/1xxx/CVE-2009-1550.json | 130 ++++++++--------
2009/1xxx/CVE-2009-1722.json | 250 +++++++++++++++---------------
2009/5xxx/CVE-2009-5066.json | 270 ++++++++++++++++-----------------
2012/0xxx/CVE-2012-0046.json | 34 ++---
2012/0xxx/CVE-2012-0557.json | 160 +++++++++----------
2012/0xxx/CVE-2012-0655.json | 150 +++++++++---------
2012/0xxx/CVE-2012-0976.json | 220 +++++++++++++--------------
2012/3xxx/CVE-2012-3455.json | 230 ++++++++++++++--------------
2012/3xxx/CVE-2012-3756.json | 180 +++++++++++-----------
2012/3xxx/CVE-2012-3823.json | 34 ++---
2012/4xxx/CVE-2012-4405.json | 260 +++++++++++++++----------------
2012/4xxx/CVE-2012-4462.json | 150 +++++++++---------
2012/4xxx/CVE-2012-4523.json | 190 +++++++++++------------
2012/4xxx/CVE-2012-4557.json | 210 ++++++++++++-------------
2012/4xxx/CVE-2012-4654.json | 34 ++---
2012/4xxx/CVE-2012-4955.json | 190 +++++++++++------------
2012/6xxx/CVE-2012-6092.json | 170 ++++++++++-----------
2017/2xxx/CVE-2017-2723.json | 122 +++++++--------
2017/6xxx/CVE-2017-6114.json | 34 ++---
2017/6xxx/CVE-2017-6318.json | 170 ++++++++++-----------
2017/6xxx/CVE-2017-6567.json | 34 ++---
2017/6xxx/CVE-2017-6721.json | 140 ++++++++---------
2017/6xxx/CVE-2017-6774.json | 142 ++++++++---------
2017/7xxx/CVE-2017-7690.json | 130 ++++++++--------
2017/7xxx/CVE-2017-7927.json | 140 ++++++++---------
2018/10xxx/CVE-2018-10083.json | 120 +++++++--------
2018/14xxx/CVE-2018-14082.json | 130 ++++++++--------
2018/14xxx/CVE-2018-14211.json | 34 ++---
2018/14xxx/CVE-2018-14349.json | 190 +++++++++++------------
2018/14xxx/CVE-2018-14891.json | 120 +++++++--------
2018/15xxx/CVE-2018-15228.json | 34 ++---
2018/15xxx/CVE-2018-15489.json | 34 ++---
2018/15xxx/CVE-2018-15525.json | 34 ++---
2018/20xxx/CVE-2018-20035.json | 34 ++---
2018/20xxx/CVE-2018-20108.json | 34 ++---
2018/20xxx/CVE-2018-20249.json | 130 ++++++++--------
2018/20xxx/CVE-2018-20498.json | 34 ++---
2018/20xxx/CVE-2018-20548.json | 140 ++++++++---------
2018/9xxx/CVE-2018-9260.json | 160 +++++++++----------
2018/9xxx/CVE-2018-9469.json | 34 ++---
2018/9xxx/CVE-2018-9549.json | 130 ++++++++--------
2018/9xxx/CVE-2018-9858.json | 34 ++---
57 files changed, 3745 insertions(+), 3745 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0126.json b/2002/0xxx/CVE-2002-0126.json
index 856cd25314c..27f5d691a32 100644
--- a/2002/0xxx/CVE-2002-0126.json
+++ b/2002/0xxx/CVE-2002-0126.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0126",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0126",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020115 BlackMoon FTPd Buffer Overflow Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/250543"
- },
- {
- "name" : "3884",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3884"
- },
- {
- "name" : "http://members.rogers.com/blackmoon2k/pages/news_page.html",
- "refsource" : "MISC",
- "url" : "http://members.rogers.com/blackmoon2k/pages/news_page.html"
- },
- {
- "name" : "blackmoon-ftpd-static-bo(7895)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/7895.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020115 BlackMoon FTPd Buffer Overflow Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/250543"
+ },
+ {
+ "name": "3884",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3884"
+ },
+ {
+ "name": "blackmoon-ftpd-static-bo(7895)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/7895.php"
+ },
+ {
+ "name": "http://members.rogers.com/blackmoon2k/pages/news_page.html",
+ "refsource": "MISC",
+ "url": "http://members.rogers.com/blackmoon2k/pages/news_page.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0150.json b/2002/0xxx/CVE-2002-0150.json
index 0f7dc6e3d8b..2fad8ed890f 100644
--- a/2002/0xxx/CVE-2002-0150.json
+++ b/2002/0xxx/CVE-2002-0150.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0150",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0150",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS02-018",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
- },
- {
- "name" : "CA-2002-09",
- "refsource" : "CERT",
- "url" : "http://www.cert.org/advisories/CA-2002-09.html"
- },
- {
- "name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
- "refsource" : "CISCO",
- "url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
- },
- {
- "name" : "VU#454091",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/454091"
- },
- {
- "name" : "iis-asp-http-header-bo(8797)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8797.php"
- },
- {
- "name" : "4476",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4476"
- },
- {
- "name" : "3316",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/3316"
- },
- {
- "name" : "oval:org.mitre.oval:def:137",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A137"
- },
- {
- "name" : "oval:org.mitre.oval:def:39",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A39"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "3316",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/3316"
+ },
+ {
+ "name": "iis-asp-http-header-bo(8797)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8797.php"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:137",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A137"
+ },
+ {
+ "name": "MS02-018",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
+ },
+ {
+ "name": "VU#454091",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/454091"
+ },
+ {
+ "name": "4476",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4476"
+ },
+ {
+ "name": "CA-2002-09",
+ "refsource": "CERT",
+ "url": "http://www.cert.org/advisories/CA-2002-09.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:39",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A39"
+ },
+ {
+ "name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
+ "refsource": "CISCO",
+ "url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0336.json b/2002/0xxx/CVE-2002-0336.json
index 000b5926a8a..af98977e4c8 100644
--- a/2002/0xxx/CVE-2002-0336.json
+++ b/2002/0xxx/CVE-2002-0336.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0336",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0336",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=101484128203523&w=2"
- },
- {
- "name" : "worldgroup-ftp-list-bo(8297)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8297.php"
- },
- {
- "name" : "4185",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4185"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "worldgroup-ftp-list-bo(8297)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8297.php"
+ },
+ {
+ "name": "4185",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4185"
+ },
+ {
+ "name": "20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=101484128203523&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0529.json b/2002/0xxx/CVE-2002-0529.json
index 046c4d3bbeb..7a1fa4e6f39 100644
--- a/2002/0xxx/CVE-2002-0529.json
+++ b/2002/0xxx/CVE-2002-0529.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0529",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0529",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020414 Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise)",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0169.html"
- },
- {
- "name" : "4518",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4518"
- },
- {
- "name" : "macos-photosmart-weak-permissions(8856)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8856.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "macos-photosmart-weak-permissions(8856)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8856.php"
+ },
+ {
+ "name": "4518",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4518"
+ },
+ {
+ "name": "20020414 Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise)",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0169.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1048.json b/2002/1xxx/CVE-2002-1048.json
index 61535425c97..c42a9b49cb2 100644
--- a/2002/1xxx/CVE-2002-1048.json
+++ b/2002/1xxx/CVE-2002-1048.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1048",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1048",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020727 Phenoelit Advisory #0815 +-+",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0345.html"
- },
- {
- "name" : "VU#377003",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/377003"
- },
- {
- "name" : "5331",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5331"
- },
- {
- "name" : "hp-jetdirect-snmp-read(9693)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9693.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#377003",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/377003"
+ },
+ {
+ "name": "hp-jetdirect-snmp-read(9693)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9693.php"
+ },
+ {
+ "name": "20020727 Phenoelit Advisory #0815 +-+",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0345.html"
+ },
+ {
+ "name": "5331",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5331"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1685.json b/2002/1xxx/CVE-2002-1685.json
index ebd1984bd87..f7f7b64a161 100644
--- a/2002/1xxx/CVE-2002-1685.json
+++ b/2002/1xxx/CVE-2002-1685.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1685",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1685",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020708 Technical Details of BadBlue EXT.DLL Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/281088"
- },
- {
- "name" : "5086",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5086"
- },
- {
- "name" : "badblue-extdll-xss(9513)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9513"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020708 Technical Details of BadBlue EXT.DLL Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/281088"
+ },
+ {
+ "name": "5086",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5086"
+ },
+ {
+ "name": "badblue-extdll-xss(9513)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9513"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1761.json b/2002/1xxx/CVE-2002-1761.json
index 8fb4abb48b9..69d7e39d338 100644
--- a/2002/1xxx/CVE-2002-1761.json
+++ b/2002/1xxx/CVE-2002-1761.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1761",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1761",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020424 PHProjekt multiple vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0362.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020424 PHProjekt multiple vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0362.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/2xxx/CVE-2002-2023.json b/2002/2xxx/CVE-2002-2023.json
index 4fbc4b3d502..a06f7b794a2 100644
--- a/2002/2xxx/CVE-2002-2023.json
+++ b/2002/2xxx/CVE-2002-2023.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-2023",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-2023",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.kip.iis.toyama-u.ac.jp/~shingo/beep/package/src/beep2-1.2a.tar.gz",
- "refsource" : "CONFIRM",
- "url" : "http://www.kip.iis.toyama-u.ac.jp/~shingo/beep/package/src/beep2-1.2a.tar.gz"
- },
- {
- "name" : "3859",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3859"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.kip.iis.toyama-u.ac.jp/~shingo/beep/package/src/beep2-1.2a.tar.gz",
+ "refsource": "CONFIRM",
+ "url": "http://www.kip.iis.toyama-u.ac.jp/~shingo/beep/package/src/beep2-1.2a.tar.gz"
+ },
+ {
+ "name": "3859",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3859"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/2xxx/CVE-2002-2305.json b/2002/2xxx/CVE-2002-2305.json
index 0c2a1a15384..c8c9daf2b9e 100644
--- a/2002/2xxx/CVE-2002-2305.json
+++ b/2002/2xxx/CVE-2002-2305.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-2305",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-2305",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20021125 Immobilier 1 (PHP)",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0307.html"
- },
- {
- "name" : "immobilier-agentadmin-sql-injection(10705)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10705"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20021125 Immobilier 1 (PHP)",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0307.html"
+ },
+ {
+ "name": "immobilier-agentadmin-sql-injection(10705)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10705"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0368.json b/2003/0xxx/CVE-2003-0368.json
index 2e42e7e475c..12ac12e61ce 100644
--- a/2003/0xxx/CVE-2003-0368.json
+++ b/2003/0xxx/CVE-2003-0368.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A060903-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a060903-1.txt" - }, - { - "name" : "VU#924812", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/924812" - }, - { - "name" : "7854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7854" - }, - { - "name" : "nokia-ggsn-ip-dos(12221)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet 
with a 0xFF TCP option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A060903-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a060903-1.txt" + }, + { + "name": "7854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7854" + }, + { + "name": "VU#924812", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/924812" + }, + { + "name": "nokia-ggsn-ip-dos(12221)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12221" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0826.json b/2003/0xxx/CVE-2003-0826.json index cb1d8519917..bab8ed91ead 100644 --- a/2003/0xxx/CVE-2003-0826.json +++ b/2003/0xxx/CVE-2003-0826.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030919 lsh patch (was Re: [Full-Disclosure] new ssh exploit?)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010496.html" - }, - { - "name" : "20030920 LSH: Buffer overrun and remote root compromise in lshd", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106407188509874&w=2" - }, - { - "name" : "20030919 Remote root vuln in lsh 1.4.x", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106398939512178&w=2" - }, - { - "name" : "DSA-717", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-717" - }, - { - "name" : 
"http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html", - "refsource" : "CONFIRM", - "url" : "http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html" - }, - { - "name" : "http://bugs.debian.org/211662", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/211662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030919 lsh patch (was Re: [Full-Disclosure] new ssh exploit?)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010496.html" + }, + { + "name": "http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html", + "refsource": "CONFIRM", + "url": "http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html" + }, + { + "name": "http://bugs.debian.org/211662", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/211662" + }, + { + "name": "DSA-717", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-717" + }, + { + "name": "20030920 LSH: Buffer overrun and remote root compromise in lshd", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106407188509874&w=2" + }, + { + "name": "20030919 Remote root vuln in lsh 1.4.x", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106398939512178&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/1xxx/CVE-2005-1008.json b/2005/1xxx/CVE-2005-1008.json index 14da8c32337..91d55d6e9d0 100644 --- a/2005/1xxx/CVE-2005-1008.json +++ b/2005/1xxx/CVE-2005-1008.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a \"javascript:\" URL in an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12958" - }, - { - "name" : "1013614", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a \"javascript:\" URL in an IMG tag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013614", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013614" + }, + { + "name": "12958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12958" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1075.json b/2005/1xxx/CVE-2005-1075.json index c722c46938a..935217d0a64 100644 --- a/2005/1xxx/CVE-2005-1075.json +++ b/2005/1xxx/CVE-2005-1075.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050409 Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/395527" - }, - { - "name" : "http://www.digitalparadox.org/advisories/rga.txt", - "refsource" : "MISC", - "url" : "http://www.digitalparadox.org/advisories/rga.txt" - }, - { - "name" : "13080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13080" - }, - { - "name" : "15430", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15430" - }, - { - "name" : "15431", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15431" - }, - { - "name" : "14906", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/14906" - }, - { - "name" : "radbids-gold-php-xss(20038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "radbids-gold-php-xss(20038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20038" + }, + { + "name": "http://www.digitalparadox.org/advisories/rga.txt", + "refsource": "MISC", + "url": "http://www.digitalparadox.org/advisories/rga.txt" + }, + { + "name": "20050409 Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/395527" + }, + { + "name": "15430", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15430" + }, + { + "name": "13080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13080" + }, + { + "name": "14906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14906" + }, + { + "name": "15431", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15431" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1245.json b/2005/1xxx/CVE-2005-1245.json index 102102e381c..8eb7c0999f5 100644 --- a/2005/1xxx/CVE-2005-1245.json +++ b/2005/1xxx/CVE-2005-1245.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=322146", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=322146" - }, - { - "name" : "13301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13301" - }, - { - "name" : "15719", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15719" - }, - { - "name" : "14993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14993" - }, - { - "name" : "mediawiki-unknown-xss(20210)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mediawiki-unknown-xss(20210)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20210" + }, + { + "name": "15719", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15719" + }, + { + "name": "14993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14993" + }, + { + "name": "13301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13301" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=322146", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=322146" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1137.json b/2009/1xxx/CVE-2009-1137.json index 0f07d7ba07f..d7b5d41f852 100644 --- a/2009/1xxx/CVE-2009-1137.json +++ b/2009/1xxx/CVE-2009-1137.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka \"Legacy File Format Vulnerability,\" a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" - }, - { - "name" : "TA09-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" - }, - { - "name" : "34876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34876" - }, - { - "name" : "54381", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54381" - }, - { - "name" : "oval:org.mitre.oval:def:5946", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5946" - }, - { - "name" : "1022205", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022205" - }, - { - "name" : "32428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32428" - }, - { - "name" : "ADV-2009-1290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1290" - }, - { - "name" : "powerpoint-sounddata-code-execution(50425)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka \"Legacy File Format Vulnerability,\" a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32428" + }, + { + "name": "ADV-2009-1290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1290" + }, + { + "name": "MS09-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" + }, + { + "name": "34876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34876" + }, + { + "name": "54381", + "refsource": "OSVDB", + "url": "http://osvdb.org/54381" + }, + { + "name": "1022205", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022205" + }, + { + "name": "TA09-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" + }, + { + "name": "oval:org.mitre.oval:def:5946", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5946" + }, + { + "name": "powerpoint-sounddata-code-execution(50425)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50425" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1550.json b/2009/1xxx/CVE-2009-1550.json index 546cf7c6ab3..7dffdf1abba 100644 --- a/2009/1xxx/CVE-2009-1550.json +++ b/2009/1xxx/CVE-2009-1550.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8555", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8555" - }, - { - "name" : "abcadvertise-admininc-info-disclosure(50183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8555", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8555" + }, + { + "name": "abcadvertise-admininc-info-disclosure(50183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50183" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1722.json b/2009/1xxx/CVE-2009-1722.json index a798584f17c..9b5fd4877bd 100644 --- a/2009/1xxx/CVE-2009-1722.json +++ b/2009/1xxx/CVE-2009-1722.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz", - "refsource" : "CONFIRM", - "url" : "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz" - }, - { - "name" : "http://support.apple.com/kb/HT3757", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3757" - }, - { - "name" : "APPLE-SA-2009-08-05-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" - }, - { - "name" : "DSA-1842", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1842" - }, - { - "name" : "MDVSA-2009:191", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:191" - }, - { - "name" : "USN-831-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-831-1" - }, - { - "name" : "TA09-218A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" - }, - { - "name" : "35838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35838" - }, - { - "name" : "1022674", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022674" - }, - { - "name" : "36032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36032" - }, - { - "name" : "36096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36096" - }, - { - "name" : "36753", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36753" - }, - { - "name" : "ADV-2009-2035", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2035" - }, - { - "name" : "ADV-2009-2172", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3757", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3757" + }, + { + "name": "MDVSA-2009:191", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191" + }, + { + "name": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz" + }, + { + "name": "36753", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36753" + }, + { + "name": "ADV-2009-2035", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2035" + }, + { + "name": "36096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36096" + }, + { + "name": "DSA-1842", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1842" + }, + { + "name": "36032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36032" + }, + { + "name": "APPLE-SA-2009-08-05-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" + }, + { + "name": "35838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35838" + }, + { + "name": "1022674", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022674" + }, + { + "name": "USN-831-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-831-1" + }, + { + "name": "ADV-2009-2172", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2172" + }, + { + "name": "TA09-218A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/5xxx/CVE-2009-5066.json b/2009/5xxx/CVE-2009-5066.json index 6b3bb29872f..40892449637 100644 --- a/2009/5xxx/CVE-2009-5066.json +++ b/2009/5xxx/CVE-2009-5066.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-5066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120720 CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/20/1" - }, - { - "name" : "[oss-security] 20120723 Re: CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/23/2" - }, - { - "name" : "http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/", - "refsource" : "MISC", - "url" : "http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/" - }, - { - "name" : "https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t", - "refsource" : "CONFIRM", - "url" : 
"https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t" - }, - { - "name" : "RHSA-2013:0191", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0191.html" - }, - { - "name" : "RHSA-2013:0192", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0192.html" - }, - { - "name" : "RHSA-2013:0193", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0193.html" - }, - { - "name" : "RHSA-2013:0194", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0194.html" - }, - { - "name" : "RHSA-2013:0195", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0195.html" - }, - { - "name" : "RHSA-2013:0196", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0196.html" - }, - { - "name" : "RHSA-2013:0197", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0197.html" - }, - { - "name" : "RHSA-2013:0198", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0198.html" - }, - { - "name" : "RHSA-2013:0221", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0221.html" - }, - { - "name" : "RHSA-2013:0533", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0533.html" - }, - { - "name" : "51984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51984" - }, - { - "name" : "52054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120723 Re: CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/23/2" + }, + { + "name": "http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/", + "refsource": "MISC", + "url": "http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/" + }, + { + "name": "https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t" + }, + { + "name": "RHSA-2013:0192", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html" + }, + { + "name": "RHSA-2013:0198", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html" + }, + { + "name": "RHSA-2013:0195", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html" + }, + { + "name": "RHSA-2013:0221", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html" + }, + { + "name": "RHSA-2013:0196", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html" + }, + { + "name": "RHSA-2013:0193", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html" + }, + { + "name": "51984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51984" + }, + { + "name": "52054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52054" + }, + { + "name": "RHSA-2013:0191", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html" + }, + { + "name": "RHSA-2013:0533", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html" + }, + { + "name": "RHSA-2013:0197", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2013-0197.html" + }, + { + "name": "RHSA-2013:0194", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html" + }, + { + "name": "[oss-security] 20120720 CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/20/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0046.json b/2012/0xxx/CVE-2012-0046.json index 65849e0ebd2..5c034151843 100644 --- a/2012/0xxx/CVE-2012-0046.json +++ b/2012/0xxx/CVE-2012-0046.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0557.json b/2012/0xxx/CVE-2012-0557.json index cb6a75dbe06..8d5b593f3bf 100644 --- a/2012/0xxx/CVE-2012-0557.json +++ b/2012/0xxx/CVE-2012-0557.json 
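Review bot: The only substantive change in the CVE-2009-5066 hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is buried in a whole-file rewrite. That rewrite also changes the key separator from `" : "` to `": "`, puts `reference_data` in a new order with no visible sort key (it appears to hold the same sixteen entries), and leaves the file without a final newline (`\ No newline at end of file`). ASSIGNER records which CNA owns the entry, so that provenance change should be auditable on its own. I would keep the existing reference order or sort it deterministically (for example by `url`), end the file with a newline after the closing `}`, and land the formatting change separately from the data change. The same pattern recurs in the CVE-2012-0557, CVE-2012-0655, CVE-2012-3455 and CVE-2012-3756 hunks, where ASSIGNER becomes `secalert_us@oracle.com`, `product-security@apple.com`, `secalert@redhat.com` and `product-security@apple.com` respectively; the CVE-2012-0046, CVE-2012-0976 and CVE-2012-3823 hunks change only formatting or ordering.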
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK, a different vulnerability than CVE-2012-0554, CVE-2012-0555, and CVE-2012-0556." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53054", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/53054" - }, - { - "name" : "1026949", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK, a different vulnerability than CVE-2012-0554, CVE-2012-0555, and CVE-2012-0556." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53054" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "1026949", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026949" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0655.json b/2012/0xxx/CVE-2012-0655.json index 7283b5ef12a..f2c7810d7cf 100644 --- a/2012/0xxx/CVE-2012-0655.json +++ b/2012/0xxx/CVE-2012-0655.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "53445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53445" - }, - { - "name" : "53462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53462" + }, + { + "name": "53445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53445" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0976.json b/2012/0xxx/CVE-2012-0976.json index dfb9efba262..1b051ea3aea 100644 --- a/2012/0xxx/CVE-2012-0976.json +++ b/2012/0xxx/CVE-2012-0976.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3" - }, - { - "name" : "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt" - }, - { - "name" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13" - }, - { - "name" : 
"http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7" - }, - { - "name" : "https://github.com/silverstripe/sapphire/commit/252e187", - "refsource" : "CONFIRM", - "url" : "https://github.com/silverstripe/sapphire/commit/252e187" - }, - { - "name" : "https://github.com/silverstripe/sapphire/commit/475e077", - "refsource" : "CONFIRM", - "url" : "https://github.com/silverstripe/sapphire/commit/475e077" - }, - { - "name" : "https://github.com/silverstripe/sapphire/commit/5fe7091", - "refsource" : "CONFIRM", - "url" : "https://github.com/silverstripe/sapphire/commit/5fe7091" - }, - { - "name" : "51761", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51761" - }, - { - "name" : "78677", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78677" - }, - { - "name" : "47812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47812" - }, - { - "name" : "silverstripe-editform-xss(72820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7" + }, + { + "name": "https://github.com/silverstripe/sapphire/commit/475e077", + "refsource": "CONFIRM", + "url": "https://github.com/silverstripe/sapphire/commit/475e077" + }, + { + "name": "78677", + "refsource": "OSVDB", + "url": "http://osvdb.org/78677" + }, + { + "name": "51761", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51761" + }, + { + "name": "47812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47812" + }, + { + "name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/3" + }, + { + "name": "https://github.com/silverstripe/sapphire/commit/5fe7091", + "refsource": "CONFIRM", + "url": "https://github.com/silverstripe/sapphire/commit/5fe7091" + }, + { + "name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13" + }, + { + "name": "silverstripe-editform-xss(72820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72820" + }, + { + "name": "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt" + }, + { + "name": "https://github.com/silverstripe/sapphire/commit/252e187", + "refsource": "CONFIRM", + "url": "https://github.com/silverstripe/sapphire/commit/252e187" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/3xxx/CVE-2012-3455.json b/2012/3xxx/CVE-2012-3455.json index 2552f46c53e..24e141ba785 100644 --- a/2012/3xxx/CVE-2012-3455.json +++ b/2012/3xxx/CVE-2012-3455.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120804 CVE request for Calligra", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/04/1" - }, - { - "name" : "[oss-security] 20120804 Re: CVE request for Calligra", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/04/5" - }, - { - "name" : "[oss-security] 20120805 Re: CVE request for Calligra", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2012/08/06/1" - }, - { - "name" : "[oss-security] 20120806 Re: CVE request for Calligra", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/06/6" - }, - { - "name" : "[oss-security] 20120810 Re: CVE request for Calligra", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/10/1" - }, - { - "name" : "http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf", - "refsource" : "MISC", - "url" : "http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20120810-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20120810-1.txt" - }, - { - "name" : "openSUSE-SU-2012:1060", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00040.html" - }, - { - "name" : "USN-1526-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1526-1" - }, - { - "name" : "54816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54816" - }, - { - "name" : "50199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50199" - }, - { - "name" : "koffice-kword-odf-bo(77483)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. 
NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50199" + }, + { + "name": "[oss-security] 20120810 Re: CVE request for Calligra", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/10/1" + }, + { + "name": "[oss-security] 20120806 Re: CVE request for Calligra", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/06/6" + }, + { + "name": "[oss-security] 20120805 Re: CVE request for Calligra", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/06/1" + }, + { + "name": "[oss-security] 20120804 Re: CVE request for Calligra", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/04/5" + }, + { + "name": "koffice-kword-odf-bo(77483)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77483" + }, + { + "name": "http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf", + "refsource": "MISC", + "url": "http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf" + }, + { + "name": "[oss-security] 20120804 CVE request for Calligra", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/04/1" + }, + { + "name": "USN-1526-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1526-1" + }, + { + "name": "http://www.kde.org/info/security/advisory-20120810-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20120810-1.txt" + }, + { + "name": "54816", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/54816" + }, + { + "name": "openSUSE-SU-2012:1060", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00040.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3756.json b/2012/3xxx/CVE-2012-3756.json index 4dfc509fbfc..f6d0256ccef 100644 --- a/2012/3xxx/CVE-2012-3756.json +++ b/2012/3xxx/CVE-2012-3756.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5581" - }, - { - "name" : "APPLE-SA-2012-11-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html" - }, - { - "name" : "APPLE-SA-2013-03-14-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" - }, - { - "name" : "87091", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87091" - }, - { - "name" : "oval:org.mitre.oval:def:16065", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16065" - }, - { - "name" : "51226", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51226" - }, - { - "name" : "quicktime-rnet-bo(79903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51226" + }, + { + "name": "APPLE-SA-2012-11-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:16065", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16065" + }, + { + "name": "APPLE-SA-2013-03-14-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" + }, + { + "name": "quicktime-rnet-bo(79903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79903" + }, + { + "name": "http://support.apple.com/kb/HT5581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5581" + }, + { + "name": "87091", + "refsource": "OSVDB", + "url": "http://osvdb.org/87091" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3823.json b/2012/3xxx/CVE-2012-3823.json index 3465d996ad5..caf11d15ab5 100644 --- a/2012/3xxx/CVE-2012-3823.json +++ b/2012/3xxx/CVE-2012-3823.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3823", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3823", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4405.json b/2012/4xxx/CVE-2012-4405.json index 1a3ea09396b..2d037ccc1aa 100644 --- a/2012/4xxx/CVE-2012-4405.json +++ b/2012/4xxx/CVE-2012-4405.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/11/2" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301" - }, - { - "name" : "GLSA-201412-17", - "refsource" : "GENTOO", 
- "url" : "http://security.gentoo.org/glsa/glsa-201412-17.xml" - }, - { - "name" : "MDVSA-2012:151", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151" - }, - { - "name" : "MDVSA-2013:089", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089" - }, - { - "name" : "MDVSA-2013:090", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090" - }, - { - "name" : "RHSA-2012:1256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1256.html" - }, - { - "name" : "openSUSE-SU-2012:1289", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html" - }, - { - "name" : "openSUSE-SU-2012:1290", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html" - }, - { - "name" : "SUSE-SU-2012:1222", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html" - }, - { - "name" : "USN-1581-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1581-1" - }, - { - "name" : "55494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55494" - }, - { - "name" : "1027517", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027517" - }, - { - "name" : "50719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50719" - }, - { - "name" : "icclib-pdf-bo(78411)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, 
allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1256.html" + }, + { + "name": "GLSA-201412-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301" + }, + { + "name": "[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/11/2" + }, + { + "name": "openSUSE-SU-2012:1290", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html" + }, + { + "name": "MDVSA-2013:089", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089" + }, + { + "name": "MDVSA-2013:090", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090" + }, + { + "name": "55494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55494" + }, + { + "name": "50719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50719" + }, + { + "name": "SUSE-SU-2012:1222", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html" + }, + { + "name": "openSUSE-SU-2012:1289", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html" + }, + { + "name": "icclib-pdf-bo(78411)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411" + }, + { + "name": "1027517", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027517" + }, + { + "name": "USN-1581-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1581-1" + }, + { + "name": "MDVSA-2012:151", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4462.json b/2012/4xxx/CVE-2012-4462.json index 30473e9913c..8a29fdbcf61 100644 --- a/2012/4xxx/CVE-2012-4462.json +++ b/2012/4xxx/CVE-2012-4462.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=860850", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=860850" - }, - { - "name" : "https://htcondor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84", - "refsource" : "MISC", - "url" : "https://htcondor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84" - }, - { - "name" : "RHSA-2013:0564", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0564.html" - }, - { - "name" : "RHSA-2013:0565", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0565.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://htcondor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84", + "refsource": "MISC", + "url": "https://htcondor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84" + }, + { + "name": "RHSA-2013:0564", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0564.html" + }, + { + "name": "RHSA-2013:0565", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0565.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=860850", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4523.json b/2012/4xxx/CVE-2012-4523.json index 1e2bae27a51..f1331653727 100644 --- a/2012/4xxx/CVE-2012-4523.json +++ b/2012/4xxx/CVE-2012-4523.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/17/7" - }, - { - "name" : "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/31/6" - }, - { - "name" : "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification", - "refsource" : "MLIST", - "url" : "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html" - }, - { 
- "name" : "[radsecproxy] 20120917 Radsecproxy 1.6.1 is out", - "refsource" : "MLIST", - "url" : "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html" - }, - { - "name" : "https://project.nordu.net/browse/RADSECPROXY-43", - "refsource" : "CONFIRM", - "url" : "https://project.nordu.net/browse/RADSECPROXY-43" - }, - { - "name" : "DSA-2573", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2573" - }, - { - "name" : "56105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56105" - }, - { - "name" : "51251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[radsecproxy] 20120917 Radsecproxy 1.6.1 is out", + "refsource": "MLIST", + "url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html" + }, + { + "name": "56105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56105" + }, + { + "name": "51251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51251" + }, + { + "name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/31/6" + }, + { + "name": "https://project.nordu.net/browse/RADSECPROXY-43", + "refsource": "CONFIRM", + "url": "https://project.nordu.net/browse/RADSECPROXY-43" + }, + { + "name": "DSA-2573", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2573" + }, + { + "name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification", + "refsource": "MLIST", + "url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html" + }, + { + "name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/17/7" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4557.json b/2012/4xxx/CVE-2012-4557.json index 1bf9d139ce7..305976f5649 100644 --- a/2012/4xxx/CVE-2012-4557.json +++ b/2012/4xxx/CVE-2012-4557.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1227298", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1227298" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=871685", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=871685" - }, - { - "name" : "DSA-2579", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2579" - }, - { - "name" : 
"HPSBUX02866", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "SSRT101139", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "openSUSE-SU-2013:0243", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2013:0248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:18938", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18938" - }, - { - "name" : "oval:org.mitre.oval:def:19284", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101139", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "DSA-2579", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2579" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1227298", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1227298" + }, + { + "name": "oval:org.mitre.oval:def:18938", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18938" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22" + }, + { + "name": "oval:org.mitre.oval:def:19284", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19284" + }, + { + "name": "openSUSE-SU-2013:0248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=871685", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871685" + }, + { + "name": "HPSBUX02866", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "openSUSE-SU-2013:0243", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4654.json b/2012/4xxx/CVE-2012-4654.json index c2cbcc880bb..724faf2a90a 100644 --- a/2012/4xxx/CVE-2012-4654.json +++ b/2012/4xxx/CVE-2012-4654.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4654", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4654", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4955.json b/2012/4xxx/CVE-2012-4955.json index b439d3a46ed..de6938bf0dd 100644 --- a/2012/4xxx/CVE-2012-4955.json +++ b/2012/4xxx/CVE-2012-4955.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694", - "refsource" : "CONFIRM", - "url" : "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694" - }, - { - "name" : "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338", - "refsource" : "CONFIRM", - "url" : "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338" - }, - { - "name" : 
"http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344", - "refsource" : "CONFIRM", - "url" : "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344" - }, - { - "name" : "VU#558132", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/558132" - }, - { - "name" : "56518", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56518" - }, - { - "name" : "87405", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87405" - }, - { - "name" : "51297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51297" - }, - { - "name" : "dell-openmanage-xss(80071)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "87405", + "refsource": "OSVDB", + "url": "http://osvdb.org/87405" + }, + { + "name": "51297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51297" + }, + { + "name": "dell-openmanage-xss(80071)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80071" + }, + { + "name": "VU#558132", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/558132" + }, + { + "name": "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344", + "refsource": "CONFIRM", + "url": "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344" + }, + { + "name": "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338", + "refsource": "CONFIRM", + "url": "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338" + }, + { + "name": "56518", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56518" + }, + { + "name": "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694", + "refsource": "CONFIRM", + "url": "http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6092.json b/2012/6xxx/CVE-2012-6092.json index 2e01e3f6ca1..a57d49bd45f 100644 --- a/2012/6xxx/CVE-2012-6092.json +++ b/2012/6xxx/CVE-2012-6092.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://activemq.apache.org/activemq-580-release.html", - "refsource" : "CONFIRM", - "url" : "http://activemq.apache.org/activemq-580-release.html" - }, - { - "name" : "https://fisheye6.atlassian.com/changelog/activemq?cs=1399577", - "refsource" : "CONFIRM", - "url" : "https://fisheye6.atlassian.com/changelog/activemq?cs=1399577" - }, - { - "name" : "https://issues.apache.org/jira/browse/AMQ-4115", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/AMQ-4115" - }, - { - "name" : 
"https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282" - }, - { - "name" : "RHSA-2013:1029", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1029.html" - }, - { - "name" : "59400", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1029", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1029.html" + }, + { + "name": "59400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59400" + }, + { + "name": "https://issues.apache.org/jira/browse/AMQ-4115", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/AMQ-4115" + }, + { + "name": "https://fisheye6.atlassian.com/changelog/activemq?cs=1399577", + "refsource": "CONFIRM", + "url": "https://fisheye6.atlassian.com/changelog/activemq?cs=1399577" + }, + { + "name": "http://activemq.apache.org/activemq-580-release.html", + "refsource": "CONFIRM", + "url": "http://activemq.apache.org/activemq-580-release.html" + }, + { + "name": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2723.json b/2017/2xxx/CVE-2017-2723.json index 7e96582ecf6..20b342e0171 100644 --- a/2017/2xxx/CVE-2017-2723.json +++ b/2017/2xxx/CVE-2017-2723.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Files", - "version" : { - "version_data" : [ - { - "version_value" : "7.1.1.308 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Plaintext Storage" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Files", + "version": { + "version_data": [ + { + "version_value": "7.1.1.308 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-files-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-files-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Plaintext Storage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-files-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-files-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6114.json b/2017/6xxx/CVE-2017-6114.json index cc58c06d746..606e542045d 100644 --- a/2017/6xxx/CVE-2017-6114.json +++ b/2017/6xxx/CVE-2017-6114.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6114", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6114", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6318.json b/2017/6xxx/CVE-2017-6318.json index 7d719e8f83b..6cd1907ad0a 100644 --- a/2017/6xxx/CVE-2017-6318.json +++ b/2017/6xxx/CVE-2017-6318.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[sane-devel] 20170211 Bug#854804: saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server", - "refsource" : "MLIST", - "url" : "https://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035029.html" - }, - { - "name" : "[sane-devel] 20170219 Bug#854804: saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server", - "refsource" : "MLIST", - "url" : "http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035054.html" - }, - { - "name" : "[sane-devel] 20170225 CVE-2017-6318 (old: Bug#854804: saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server)", - "refsource" : "MLIST", - "url" : "http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035059.html" - }, 
- { - "name" : "https://alioth.debian.org/tracker/index.php?func=detail&aid=315576", - "refsource" : "CONFIRM", - "url" : "https://alioth.debian.org/tracker/index.php?func=detail&aid=315576" - }, - { - "name" : "openSUSE-SU-2017:0649", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-03/msg00016.html" - }, - { - "name" : "97028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2017:0649", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-03/msg00016.html" + }, + { + "name": "97028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97028" + }, + { + "name": "https://alioth.debian.org/tracker/index.php?func=detail&aid=315576", + "refsource": "CONFIRM", + "url": "https://alioth.debian.org/tracker/index.php?func=detail&aid=315576" + }, + { + "name": "[sane-devel] 20170211 Bug#854804: saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server", + "refsource": "MLIST", + "url": "https://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035029.html" + }, + { + "name": "[sane-devel] 20170225 CVE-2017-6318 (old: Bug#854804: saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server)", + "refsource": "MLIST", + "url": "http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035059.html" + }, + { + "name": "[sane-devel] 20170219 Bug#854804: saned: SANE_NET_CONTROL_OPTION response 
packet may contain memory contents of the server", + "refsource": "MLIST", + "url": "http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035054.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6567.json b/2017/6xxx/CVE-2017-6567.json index 6348e76d72b..8bc2b47da81 100644 --- a/2017/6xxx/CVE-2017-6567.json +++ b/2017/6xxx/CVE-2017-6567.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6567", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6567", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6721.json b/2017/6xxx/CVE-2017-6721.json index 54234d2a223..417a8b30489 100644 --- a/2017/6xxx/CVE-2017-6721.json +++ b/2017/6xxx/CVE-2017-6721.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wide Area Application Services", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Wide Area Application Services" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "TCP Fragment Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wide Area Application Services", + "version": { + "version_data": [ + { + "version_value": "Cisco Wide Area Application Services" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas" - }, - { - "name" : "99200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99200" - }, - { - "name" : "1038747", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TCP Fragment Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas" + }, + { + "name": "1038747", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038747" + }, + { + "name": "99200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99200" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6774.json b/2017/6xxx/CVE-2017-6774.json index 23ff8f7e6e0..2e9c2a707a8 100644 --- a/2017/6xxx/CVE-2017-6774.json +++ b/2017/6xxx/CVE-2017-6774.json 
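Review bot: In the CVE-2017-6721 record the `affects` block still carries no usable product data after this sync: `version_value` repeats the product name and `vendor_name` is `n/a`, although the assigner is psirt@cisco.com and the description gives 6.3(1) as the known affected release. Tools that match an asset inventory against `affects` rather than the free-text description will miss this entry. I would set `"vendor_name": "Cisco Systems, Inc."` (the form used by CVE-2017-6774 in this same commit) and `"version_value": "6.3(1)"`. The CVE-2017-7927 hunk has the same pattern (`vendor_name` is `n/a` and `version_value` equals the product name); its description lists device models but no firmware version, so that value would have to come from the vendor advisory.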
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2017-08-16T00:00:00", - "ID" : "CVE-2017-6774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "StarOS for ASR 5000 Series Aggregated Services Routers", - "version" : { - "version_data" : [ - { - "version_value" : "21.0.v0.65839" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "File Modification" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2017-08-16T00:00:00", + "ID": "CVE-2017-6774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "StarOS for ASR 5000 Series Aggregated Services Routers", + "version": { + "version_data": [ + { + "version_value": "21.0.v0.65839" + } + ] + } + } + ] + }, + "vendor_name": "Cisco Systems, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170816 Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2" - }, - { - "name" : "100386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100386" - }, - { - "name" : "1039182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Modification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170816 Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2" + }, + { + "name": "100386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100386" + }, + { + "name": "1039182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039182" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/7xxx/CVE-2017-7690.json b/2017/7xxx/CVE-2017-7690.json index 3551cd59861..859e9cc8f80 100644 --- a/2017/7xxx/CVE-2017-7690.json +++ b/2017/7xxx/CVE-2017-7690.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43225", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43225/" - }, - { - "name" : "https://m4.rkw.io/blog/cve20177690-local-root-privesc-in-proxifier-for-mac-219.html", - "refsource" : "MISC", - "url" : "https://m4.rkw.io/blog/cve20177690-local-root-privesc-in-proxifier-for-mac-219.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://m4.rkw.io/blog/cve20177690-local-root-privesc-in-proxifier-for-mac-219.html", + "refsource": "MISC", + "url": "https://m4.rkw.io/blog/cve20177690-local-root-privesc-in-proxifier-for-mac-219.html" + }, + { + "name": "43225", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43225/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7927.json b/2017/7xxx/CVE-2017-7927.json index 496eba9d410..08718cb4f39 100644 --- a/2017/7xxx/CVE-2017-7927.json +++ b/2017/7xxx/CVE-2017-7927.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras", - "version" : { - "version_data" : [ - { - "version_value" : "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-836" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras", + "version": { + "version_data": [ + { + "version_value": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php", - "refsource" : "MISC", - "url" : "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02" - }, - { - "name" : "98312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-836" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02" + }, + { + "name": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php", + "refsource": "MISC", + "url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php" + }, + { + "name": "98312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98312" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10083.json b/2018/10xxx/CVE-2018-10083.json index 285d3dd548f..772c0ffba76 100644 --- a/2018/10xxx/CVE-2018-10083.json +++ b/2018/10xxx/CVE-2018-10083.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\\FilePicker does not restrict the val parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/itodaro/cve/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/itodaro/cve/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\\FilePicker does not restrict the val parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/itodaro/cve/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/itodaro/cve/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14082.json b/2018/14xxx/CVE-2018-14082.json index 20192993ca6..e8ec46d5fc2 100644 --- a/2018/14xxx/CVE-2018-14082.json +++ b/2018/14xxx/CVE-2018-14082.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45141", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45141/" - }, - { - "name" : "https://gkaim.com/cve-2018-14082-vikas-chaudhary/", - "refsource" : "MISC", - "url" : "https://gkaim.com/cve-2018-14082-vikas-chaudhary/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45141", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45141/" + }, + { + "name": "https://gkaim.com/cve-2018-14082-vikas-chaudhary/", + "refsource": "MISC", + "url": "https://gkaim.com/cve-2018-14082-vikas-chaudhary/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14211.json b/2018/14xxx/CVE-2018-14211.json index 78f6a2c3f5a..d9de158b983 100644 --- a/2018/14xxx/CVE-2018-14211.json +++ b/2018/14xxx/CVE-2018-14211.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14211", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14211", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14349.json b/2018/14xxx/CVE-2018-14349.json index c5ee1455d65..481ed4d9d07 100644 --- a/2018/14xxx/CVE-2018-14349.json +++ b/2018/14xxx/CVE-2018-14349.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" - }, - { - "name" : "http://www.mutt.org/news.html", - "refsource" : "MISC", - "url" : "http://www.mutt.org/news.html" - }, - { - "name" : "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1", - "refsource" : "MISC", - "url" : "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1" - }, - { - "name" : "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416", - "refsource" : "MISC", - "url" : "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416" - }, - { - "name" : 
"https://neomutt.org/2018/07/16/release", - "refsource" : "MISC", - "url" : "https://neomutt.org/2018/07/16/release" - }, - { - "name" : "DSA-4277", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4277" - }, - { - "name" : "GLSA-201810-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-07" - }, - { - "name" : "USN-3719-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3719-3/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3719-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3719-3/" + }, + { + "name": "DSA-4277", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4277" + }, + { + "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" + }, + { + "name": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416", + "refsource": "MISC", + "url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416" + }, + { + "name": "GLSA-201810-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-07" + }, + { + "name": "http://www.mutt.org/news.html", + "refsource": "MISC", + "url": "http://www.mutt.org/news.html" + }, + { + "name": "https://neomutt.org/2018/07/16/release", + "refsource": "MISC", + "url": "https://neomutt.org/2018/07/16/release" + }, + { + "name": 
"https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1", + "refsource": "MISC", + "url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14891.json b/2018/14xxx/CVE-2018-14891.json index ce430736390..3d943c69704 100644 --- a/2018/14xxx/CVE-2018-14891.json +++ b/2018/14xxx/CVE-2018-14891.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://vectra.ai/security-advisories", - "refsource" : "CONFIRM", - "url" : "https://vectra.ai/security-advisories" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://vectra.ai/security-advisories", + "refsource": "CONFIRM", + "url": "https://vectra.ai/security-advisories" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/15xxx/CVE-2018-15228.json b/2018/15xxx/CVE-2018-15228.json index 8f3e8ba8953..61b513c9526 100644 --- a/2018/15xxx/CVE-2018-15228.json +++ b/2018/15xxx/CVE-2018-15228.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15228", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15228", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15489.json b/2018/15xxx/CVE-2018-15489.json index 94fc4aff52a..b017de198d1 100644 --- a/2018/15xxx/CVE-2018-15489.json +++ b/2018/15xxx/CVE-2018-15489.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15489", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15489", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15525.json b/2018/15xxx/CVE-2018-15525.json index fe459cf18ff..6ceb842491d 100644 --- a/2018/15xxx/CVE-2018-15525.json +++ b/2018/15xxx/CVE-2018-15525.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15525", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15525", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20035.json b/2018/20xxx/CVE-2018-20035.json index 3cb9e52f3e6..67a4cf45f83 100644 --- a/2018/20xxx/CVE-2018-20035.json +++ b/2018/20xxx/CVE-2018-20035.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20035", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20035", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20108.json b/2018/20xxx/CVE-2018-20108.json index 2cba67c8261..0e726705320 100644 --- a/2018/20xxx/CVE-2018-20108.json +++ b/2018/20xxx/CVE-2018-20108.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20108", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-20108", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20249.json b/2018/20xxx/CVE-2018-20249.json index 7f7dfbaf8e4..af1d8ea07b0 100644 --- a/2018/20xxx/CVE-2018-20249.json +++ b/2018/20xxx/CVE-2018-20249.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "ID" : "CVE-2018-20249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Quick PDF Library", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to 16.12" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787: Out-of-bounds Write (3.1)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "ID": "CVE-2018-20249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Quick PDF Library", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 16.12" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "106306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed 
or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write (3.1)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106306" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20498.json b/2018/20xxx/CVE-2018-20498.json index f475c11db50..33636db6632 100644 --- a/2018/20xxx/CVE-2018-20498.json +++ b/2018/20xxx/CVE-2018-20498.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20498", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20498", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
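Review bot: In CVE-2018-20249.json the rewritten record still has `"vendor_name": "n/a"` although `product_name` is `Foxit Quick PDF Library`. Inventory or vulnerability-matching tools that key on the vendor field will therefore not associate this record with the vendor's products. Since the hunk already rewrites that line, it could carry the vendor, e.g. `"vendor_name": "Foxit"`. That value is inferred from the product name and the CONFIRM URL, so the assigner should confirm the exact string.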
diff --git a/2018/20xxx/CVE-2018-20548.json b/2018/20xxx/CVE-2018-20548.json index cd842ca9849..789f0a1a556 100644 --- a/2018/20xxx/CVE-2018-20548.json +++ b/2018/20xxx/CVE-2018-20548.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652625", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652625" - }, - { - "name" : "USN-3860-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3860-1/" - }, - { - "name" : "USN-3860-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3860-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3860-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3860-2/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652625", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652625" + }, + { + "name": "USN-3860-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3860-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9260.json b/2018/9xxx/CVE-2018-9260.json index b2d07107055..22c469cf08e 100644 --- a/2018/9xxx/CVE-2018-9260.json +++ b/2018/9xxx/CVE-2018-9260.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" - }, - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0", - "refsource" : "MISC", - "url" : 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-17.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-17.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-17.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-17.html" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/9xxx/CVE-2018-9469.json b/2018/9xxx/CVE-2018-9469.json index 29a7d7f66c0..6c402e24aad 100644 --- a/2018/9xxx/CVE-2018-9469.json +++ b/2018/9xxx/CVE-2018-9469.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9469", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9469", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9549.json b/2018/9xxx/CVE-2018-9549.json index b2799887479..c20b8a47276 100644 --- a/2018/9xxx/CVE-2018-9549.json +++ b/2018/9xxx/CVE-2018-9549.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-12-01" - }, - { - "name" : "106137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106137" + }, + { + "name": "https://source.android.com/security/bulletin/2018-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9858.json b/2018/9xxx/CVE-2018-9858.json index 0520376a104..651104cdeeb 100644 --- a/2018/9xxx/CVE-2018-9858.json +++ b/2018/9xxx/CVE-2018-9858.json 
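Review bot: The `ASSIGNER` value in CVE-2018-9549.json changes from `security@google.com` to `security@android.com`, and the commit subject ("-Synchronized-Data.") does not record it. Apart from spacing and the order of `reference_data`, it is the only value that differs in this hunk. A change to the recorded assigner deserves its own commit or a line in the message, because consumers that attribute or filter records by `ASSIGNER` will see this record move between two addresses. Separately, `problemtype` still holds the impact text `"Remote code execution"` while the description names an out-of-bounds write. A weakness identifier such as `"value": "CWE-787: Out-of-bounds Write"` would let tooling classify the record.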
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9858", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9858", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file