From a8e13e887abd16bd7237bd93230e40e39915235a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:36:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0243.json | 120 ++++++------- 2002/0xxx/CVE-2002-0534.json | 140 +++++++-------- 2002/0xxx/CVE-2002-0887.json | 150 ++++++++--------- 2002/1xxx/CVE-2002-1491.json | 150 ++++++++--------- 2002/1xxx/CVE-2002-1849.json | 140 +++++++-------- 2002/2xxx/CVE-2002-2311.json | 150 ++++++++--------- 2002/2xxx/CVE-2002-2321.json | 140 +++++++-------- 2003/0xxx/CVE-2003-0735.json | 140 +++++++-------- 2005/1xxx/CVE-2005-1044.json | 34 ++-- 2005/1xxx/CVE-2005-1151.json | 170 +++++++++---------- 2005/1xxx/CVE-2005-1161.json | 220 ++++++++++++------------ 2005/1xxx/CVE-2005-1302.json | 160 +++++++++--------- 2005/1xxx/CVE-2005-1808.json | 140 +++++++-------- 2009/1xxx/CVE-2009-1048.json | 150 ++++++++--------- 2009/1xxx/CVE-2009-1088.json | 160 +++++++++--------- 2009/1xxx/CVE-2009-1356.json | 130 +++++++------- 2009/1xxx/CVE-2009-1413.json | 140 +++++++-------- 2009/1xxx/CVE-2009-1557.json | 160 +++++++++--------- 2009/1xxx/CVE-2009-1714.json | 250 +++++++++++++-------------- 2012/0xxx/CVE-2012-0346.json | 34 ++-- 2012/2xxx/CVE-2012-2084.json | 200 +++++++++++----------- 2012/3xxx/CVE-2012-3080.json | 34 ++-- 2012/3xxx/CVE-2012-3182.json | 150 ++++++++--------- 2012/3xxx/CVE-2012-3195.json | 150 ++++++++--------- 2012/3xxx/CVE-2012-3318.json | 34 ++-- 2012/3xxx/CVE-2012-3883.json | 34 ++-- 2012/4xxx/CVE-2012-4179.json | 300 ++++++++++++++++----------------- 2012/4xxx/CVE-2012-4394.json | 140 +++++++-------- 2012/4xxx/CVE-2012-4508.json | 250 +++++++++++++-------------- 2012/4xxx/CVE-2012-4561.json | 240 +++++++++++++------------- 2012/4xxx/CVE-2012-4596.json | 130 +++++++------- 2012/4xxx/CVE-2012-4702.json | 120 ++++++------- 2012/6xxx/CVE-2012-6176.json | 34 ++-- 2012/6xxx/CVE-2012-6347.json | 130 +++++++------- 2017/2xxx/CVE-2017-2549.json | 170 +++++++++---------- 2017/2xxx/CVE-2017-2958.json | 140 +++++++-------- 2017/2xxx/CVE-2017-2961.json | 150 ++++++++--------- 2017/6xxx/CVE-2017-6103.json | 132 +++++++-------- 2017/6xxx/CVE-2017-6433.json | 34 ++-- 2017/6xxx/CVE-2017-6706.json | 140 +++++++-------- 2017/7xxx/CVE-2017-7550.json | 142 ++++++++-------- 2018/14xxx/CVE-2018-14095.json | 34 ++-- 2018/14xxx/CVE-2018-14156.json | 34 ++-- 2018/14xxx/CVE-2018-14560.json | 34 ++-- 2018/14xxx/CVE-2018-14618.json | 234 ++++++++++++------------- 2018/15xxx/CVE-2018-15108.json | 34 ++-- 2018/15xxx/CVE-2018-15182.json | 120 ++++++------- 2018/15xxx/CVE-2018-15851.json | 120 ++++++------- 2018/20xxx/CVE-2018-20153.json | 190 ++++++++++----------- 2018/20xxx/CVE-2018-20389.json | 130 +++++++------- 2018/20xxx/CVE-2018-20492.json | 34 ++-- 2018/9xxx/CVE-2018-9023.json | 132 +++++++-------- 2018/9xxx/CVE-2018-9041.json | 120 ++++++------- 2018/9xxx/CVE-2018-9171.json | 34 ++-- 2018/9xxx/CVE-2018-9477.json | 34 ++-- 55 files changed, 3508 insertions(+), 3508 deletions(-) diff --git a/2002/0xxx/CVE-2002-0243.json b/2002/0xxx/CVE-2002-0243.json index da2f2252c74..da7323183c3 100644 --- a/2002/0xxx/CVE-2002-0243.json +++ b/2002/0xxx/CVE-2002-0243.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101309907709138&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101309907709138&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0534.json b/2002/0xxx/CVE-2002-0534.json index 948be14de0e..c22cd15d7d8 100644 --- a/2002/0xxx/CVE-2002-0534.json +++ b/2002/0xxx/CVE-2002-0534.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \\0 characters within [code] tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020416 Multiple Vulnerabilities in PostBoard", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/267936" - }, - { - "name" : "postboard-bbcode-dos(8883)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8883.php" - }, - { - "name" : "4562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \\0 characters within [code] tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "postboard-bbcode-dos(8883)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8883.php" + }, + { + "name": "4562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4562" + }, + { + "name": "20020416 Multiple Vulnerabilities in PostBoard", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/267936" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0887.json b/2002/0xxx/CVE-2002-0887.json index 8dbf07dc9ce..eed0d39e36f 100644 --- a/2002/0xxx/CVE-2002-0887.json +++ b/2002/0xxx/CVE-2002-0887.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010522 [SRT2001-10] - scoadmin /tmp issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99057164129869&w=2" - }, - { - "name" : "CSSA-2002-SCO.22", - "refsource" : "CALDERA", - "url" : "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22/CSSA-2002-SCO.22.txt" - }, - { - "name" : "4875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4875" - }, - { - "name" : "openserver-scoadmin-symlink(9210)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9210.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010522 [SRT2001-10] - scoadmin /tmp issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99057164129869&w=2" + }, + { + "name": "openserver-scoadmin-symlink(9210)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9210.php" + }, + { + "name": "4875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4875" + }, + { + "name": "CSSA-2002-SCO.22", + "refsource": "CALDERA", + "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22/CSSA-2002-SCO.22.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1491.json b/2002/1xxx/CVE-2002-1491.json index 22b3a66696a..2c7d9d5bca1 100644 --- a/2002/1xxx/CVE-2002-1491.json +++ b/2002/1xxx/CVE-2002-1491.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving \"Default Connection\" settings, which could allow local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020918 Cisco VPN 5000 Client Multiple Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml" - }, - { - "name" : "cisco-vpn5000-defaultconnection-password(10129)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10129.php" - }, - { - "name" : "5736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5736" - }, - { - "name" : "7041", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving \"Default Connection\" settings, which could allow local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020918 Cisco VPN 5000 Client Multiple Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml" + }, + { + "name": "5736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5736" + }, + { + "name": "cisco-vpn5000-defaultconnection-password(10129)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10129.php" + }, + { + "name": "7041", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7041" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1849.json b/2002/1xxx/CVE-2002-1849.json index 0d339625a71..64e869c8016 100644 --- a/2002/1xxx/CVE-2002-1849.json +++ b/2002/1xxx/CVE-2002-1849.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020731 FW: Parachat DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0427.html" - }, - { - "name" : "5370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5370" - }, - { - "name" : "parachat-no-logoff-dos(9735)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9735.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020731 FW: Parachat DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0427.html" + }, + { + "name": "parachat-no-logoff-dos(9735)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9735.php" + }, + { + "name": "5370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5370" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2311.json b/2002/2xxx/CVE-2002-2311.json index 7d15788bfe4..a0548a4b980 100644 --- a/2002/2xxx/CVE-2002-2311.json +++ b/2002/2xxx/CVE-2002-2311.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/283866" - }, - { - "name" : "20020724 RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/284068" - }, - { - "name" : "5290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5290" - }, - { - "name" : "ie-ctrl-file-upload(9653)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9653.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/283866" + }, + { + "name": "ie-ctrl-file-upload(9653)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9653.php" + }, + { + "name": "5290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5290" + }, + { + "name": "20020724 RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/284068" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2321.json b/2002/2xxx/CVE-2002-2321.json index 71ec2187da3..4eabbc7a739 100644 --- a/2002/2xxx/CVE-2002-2321.json +++ b/2002/2xxx/CVE-2002-2321.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021003 phpLinkat XSS Security Bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0065.html" - }, - { - "name" : "5890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5890" - }, - { - "name" : "phplinkat-url-showcat-xss(10269)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10269.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021003 phpLinkat XSS Security Bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0065.html" + }, + { + "name": "phplinkat-url-showcat-xss(10269)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10269.php" + }, + { + "name": "5890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5890" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0735.json b/2003/0xxx/CVE-2003-0735.json index 31847eaf24c..c020b39a1e3 100644 --- a/2003/0xxx/CVE-2003-0735.json +++ b/2003/0xxx/CVE-2003-0735.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106062021711496&w=2" - }, - { - "name" : "20030902 GLSA: phpwebsite (200309-03)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106252188522715&w=2" - }, - { - "name" : "VU#925166", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/925166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#925166", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/925166" + }, + { + "name": "20030902 GLSA: phpwebsite (200309-03)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106252188522715&w=2" + }, + { + "name": "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106062021711496&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1044.json b/2005/1xxx/CVE-2005-1044.json index 6d7ff369bc1..72aad9127a2 100644 --- a/2005/1xxx/CVE-2005-1044.json +++ b/2005/1xxx/CVE-2005-1044.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1044", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0941. Reason: This candidate is a duplicate of CVE-2005-0941. Notes: All CVE users should reference CVE-2005-0941 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1044", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0941. Reason: This candidate is a duplicate of CVE-2005-0941. Notes: All CVE users should reference CVE-2005-0941 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1151.json b/2005/1xxx/CVE-2005-1151.json index b5c4939a2a9..e2a73629d7e 100644 --- a/2005/1xxx/CVE-2005-1151.json +++ b/2005/1xxx/CVE-2005-1151.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-1151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-728", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-728" - }, - { - "name" : "GLSA-200505-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200505-17.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=90622", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=90622" - }, - { - "name" : "15475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15475" - }, - { - "name" : "15478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15478" - }, - { - "name" : "15505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15505" + }, + { + "name": "15478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15478" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=90622", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=90622" + }, + { + "name": "DSA-728", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-728" + }, + { + "name": "15475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15475" + }, + { + "name": "GLSA-200505-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-17.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1161.json b/2005/1xxx/CVE-2005-1161.json index 13c0863871c..5747653e241 100644 --- a/2005/1xxx/CVE-2005-1161.json +++ b/2005/1xxx/CVE-2005-1161.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050414 Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111352017704126&w=2" - }, - { - "name" : "http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab", - "refsource" : "CONFIRM", - "url" : "http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab" - }, - { - "name" : "13181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13181" - }, - { - "name" : "13182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13182" - }, - { - "name" : "13183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13183" - }, - { - "name" : "15518", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15518" - }, - { - "name" : "15519", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15519" - }, - { - "name" : "15520", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15520" - }, - { - "name" : "1013720", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013720" - }, - { - "name" : "14969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14969" - }, - { - "name" : "oneworldstore-product-category-sql-injection(20097)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013720", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013720" + }, + { + "name": "13183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13183" + }, + { + "name": "http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab", + "refsource": "CONFIRM", + "url": "http://www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab" + }, + { + "name": "13182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13182" + }, + { + "name": "15518", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15518" + }, + { + "name": "15520", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15520" + }, + { + "name": "oneworldstore-product-category-sql-injection(20097)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20097" + }, + { + "name": "13181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13181" + }, + { + "name": "15519", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15519" + }, + { + "name": "20050414 Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111352017704126&w=2" + }, + { + "name": "14969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14969" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1302.json b/2005/1xxx/CVE-2005-1302.json index d7af561a12e..76e300db46a 100644 --- a/2005/1xxx/CVE-2005-1302.json +++ b/2005/1xxx/CVE-2005-1302.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the \"change user\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050425 Sql Injection in Confixx 3.06 & 3.08 & 3.?? ?", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111444886429814&w=2" - }, - { - "name" : "13355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13355" - }, - { - "name" : "15815", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15815" - }, - { - "name" : "15121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15121" - }, - { - "name" : "694", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the \"change user\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "694", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/694" + }, + { + "name": "13355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13355" + }, + { + "name": "15121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15121" + }, + { + "name": "20050425 Sql Injection in Confixx 3.06 & 3.08 & 3.?? ?", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111444886429814&w=2" + }, + { + "name": "15815", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15815" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1808.json b/2005/1xxx/CVE-2005-1808.json index 22ea404a8f7..c2d00b1a751 100644 --- a/2005/1xxx/CVE-2005-1808.json +++ b/2005/1xxx/CVE-2005-1808.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes a memory allocation failure and generates an exception." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050530 Crash in Stronghold 2 1.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111747562806999&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/strong2boom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/strong2boom-adv.txt" - }, - { - "name" : "15556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes a memory allocation failure and generates an exception." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/strong2boom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/strong2boom-adv.txt" + }, + { + "name": "20050530 Crash in Stronghold 2 1.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111747562806999&w=2" + }, + { + "name": "15556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15556" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1048.json b/2009/1xxx/CVE-2009-1048.json index c3d5d82c112..bcc7f417f6e 100644 --- a/2009/1xxx/CVE-2009-1048.json +++ b/2009/1xxx/CVE-2009-1048.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090812 Authentication Bypass of Snom Phone Web Interface", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505723/100/0/threaded" - }, - { - "name" : "http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt", - "refsource" : "MISC", - "url" : "http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt" - }, - { - "name" : "36293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36293" - }, - { - "name" : "snom-httphost-security-bypass(52424)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt", + "refsource": "MISC", + "url": "http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt" + }, + { + "name": "36293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36293" + }, + { + "name": "20090812 Authentication Bypass of Snom Phone Web Interface", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505723/100/0/threaded" + }, + { + "name": "snom-httphost-security-bypass(52424)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52424" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1088.json b/2009/1xxx/CVE-2009-1088.json index 22db7d859a5..cc4a76149a0 100644 --- a/2009/1xxx/CVE-2009-1088.json +++ b/2009/1xxx/CVE-2009-1088.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with \"extension elements and extension functions\" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090319 Command Execution in Hannon Hill Cascade Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501981/100/0/threaded" - }, - { - "name" : "8247", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8247" - }, - { - "name" : "http://support.hannonhill.com/browse/CSCD-4753", - "refsource" : "MISC", - "url" : "http://support.hannonhill.com/browse/CSCD-4753" - }, - { - "name" : "34186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34186" - }, - { - "name" : "cascadeserver-xlst-command-execution(49332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with \"extension elements and extension functions\" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8247", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8247" + }, + { + "name": "http://support.hannonhill.com/browse/CSCD-4753", + "refsource": "MISC", + "url": "http://support.hannonhill.com/browse/CSCD-4753" + }, + { + "name": "20090319 Command Execution in Hannon Hill Cascade Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501981/100/0/threaded" + }, + { + "name": "34186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34186" + }, + { + "name": "cascadeserver-xlst-command-execution(49332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49332" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1356.json b/2009/1xxx/CVE-2009-1356.json index 48cd4348e1a..9aedf53b5ce 100644 --- a/2009/1xxx/CVE-2009-1356.json +++ b/2009/1xxx/CVE-2009-1356.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8452", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8452" - }, - { - "name" : "34560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34560" + }, + { + "name": "8452", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8452" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1413.json b/2009/1xxx/CVE-2009-1413.json index cf63cac6675..b0a8f5404ce 100644 --- a/2009/1xxx/CVE-2009-1413.json +++ b/2009/1xxx/CVE-2009-1413.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc", - "refsource" : "MISC", - "url" : "http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=9860", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=9860" - }, - { - "name" : "googlechrome-settimeout-xss(50447)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "googlechrome-settimeout-xss(50447)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50447" + }, + { + "name": "http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc", + "refsource": "MISC", + "url": "http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=9860", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=9860" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1557.json b/2009/1xxx/CVE-2009-1557.json index 6468c270cd4..eded1fd2427 100644 --- a/2009/1xxx/CVE-2009-1557.json +++ b/2009/1xxx/CVE-2009-1557.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-4/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-4/" - }, - { - "name" : "34714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34714" - }, - { - "name" : "34767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34767" - }, - { - "name" : "ADV-2009-1173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1173" - }, - { - "name" : "wvc54gca-nextfile-xss(50224)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wvc54gca-nextfile-xss(50224)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50224" + }, + { + "name": "34714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34714" + }, + { + "name": "ADV-2009-1173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1173" + }, + { + "name": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-4/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-4/" + }, + { + "name": "34767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34767" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1714.json b/2009/1xxx/CVE-2009-1714.json index f6f8037b3e9..ceb74271cde 100644 --- a/2009/1xxx/CVE-2009-1714.json +++ b/2009/1xxx/CVE-2009-1714.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "DSA-1950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1950" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "35260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35260" - }, - { - "name" : "35348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35348" - }, - { - "name" : "55023", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55023" - }, - { - "name" : "1022344", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022344" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "37746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37746" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "safari-webinspector-xss(51268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35348" + }, + { + "name": "1022344", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022344" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "safari-webinspector-xss(51268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51268" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "35260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35260" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "37746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37746" + }, + { + "name": "DSA-1950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1950" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "55023", + "refsource": "OSVDB", + "url": "http://osvdb.org/55023" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0346.json b/2012/0xxx/CVE-2012-0346.json index 058e2df4372..02de47df328 100644 --- a/2012/0xxx/CVE-2012-0346.json +++ b/2012/0xxx/CVE-2012-0346.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0346", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0346", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2084.json b/2012/2xxx/CVE-2012-2084.json index e245144a489..09b57379ed9 100644 --- a/2012/2xxx/CVE-2012-2084.json +++ b/2012/2xxx/CVE-2012-2084.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1515722", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1515722" - }, - { - "name" : "http://drupal.org/node/1515060", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1515060" - }, - { - "name" : "http://drupal.org/node/1515076", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1515076" - }, - { - "name" : "http://drupalcode.org/project/print.git/commit/30480e0", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/print.git/commit/30480e0" - }, - { - "name" : "http://drupalcode.org/project/print.git/commit/6771c3f", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/print.git/commit/6771c3f" - }, - { - "name" : "52896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52896" - }, - { - "name" : "48625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48625" - }, - { - "name" : "printeremailpdfversions-unspecified-xss(74611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupalcode.org/project/print.git/commit/30480e0", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/print.git/commit/30480e0" + }, + { + "name": "printeremailpdfversions-unspecified-xss(74611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74611" + }, + { + "name": "http://drupalcode.org/project/print.git/commit/6771c3f", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/print.git/commit/6771c3f" + }, + { + "name": "http://drupal.org/node/1515722", + "refsource": "MISC", + "url": "http://drupal.org/node/1515722" + }, + { + "name": "http://drupal.org/node/1515060", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1515060" + }, + { + "name": "52896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52896" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "http://drupal.org/node/1515076", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1515076" + }, + { + "name": "48625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48625" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3080.json b/2012/3xxx/CVE-2012-3080.json index 9198980de7c..097d79cf9a6 100644 --- a/2012/3xxx/CVE-2012-3080.json +++ b/2012/3xxx/CVE-2012-3080.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3080", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3080", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3182.json b/2012/3xxx/CVE-2012-3182.json index 1c9baf7cd83..b07539a65f3 100644 --- a/2012/3xxx/CVE-2012-3182.json +++ b/2012/3xxx/CVE-2012-3182.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1027671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027671" - }, - { - "name" : "51001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51001" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "1027671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027671" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3195.json b/2012/3xxx/CVE-2012-3195.json index 56066d8fe39..316f86a05a2 100644 --- a/2012/3xxx/CVE-2012-3195.json +++ b/2012/3xxx/CVE-2012-3195.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1027671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027671" - }, - { - "name" : "51001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51001" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "1027671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027671" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3318.json b/2012/3xxx/CVE-2012-3318.json index 8fd54172b38..7312ec45546 100644 --- a/2012/3xxx/CVE-2012-3318.json +++ b/2012/3xxx/CVE-2012-3318.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3318", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3318", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3883.json b/2012/3xxx/CVE-2012-3883.json index 43b5eb5f42b..f05c7f69c69 100644 --- a/2012/3xxx/CVE-2012-3883.json +++ b/2012/3xxx/CVE-2012-3883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3883", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3883", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4179.json b/2012/4xxx/CVE-2012-4179.json index 914513950f3..604ac4be8b9 100644 --- a/2012/4xxx/CVE-2012-4179.json +++ b/2012/4xxx/CVE-2012-4179.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785574", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785574" - }, - { - "name" : "DSA-2569", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2569" - }, - { - "name" : "DSA-2565", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2565" - }, - { - "name" : "DSA-2572", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2572" - }, - { - "name" : "MDVSA-2012:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" - }, - { - "name" : "RHSA-2012:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html" - }, - { - "name" : "SUSE-SU-2012:1351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "oval:org.mitre.oval:def:16882", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16882" - }, - { - "name" : "50856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50856" - }, - { - "name" : "50892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50892" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50935" - }, - { - "name" : "50936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50936" - }, - { - "name" : "50984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50984" - }, - { - "name" : "51181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51181" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - }, - { - "name" : "firefox-createcsspropertytxn-code-exec(79157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50984" + }, + { + "name": "50935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50935" + }, + { + "name": "firefox-createcsspropertytxn-code-exec(79157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79157" + }, + { + "name": "50856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50856" + }, + { + "name": "DSA-2565", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2565" + }, + { + "name": "50892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50892" + }, + { + "name": "DSA-2572", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2572" + }, + { + "name": "RHSA-2012:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html" + }, + { + "name": "50936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50936" + }, + { + "name": "51181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51181" + }, + { + "name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + { + "name": "SUSE-SU-2012:1351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" + }, + { + "name": "MDVSA-2012:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" + }, + { + "name": "oval:org.mitre.oval:def:16882", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16882" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=785574", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785574" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1611-1" + }, + { + "name": "DSA-2569", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2569" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-85.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4394.json b/2012/4xxx/CVE-2012-4394.json index 6e2d6b7b8e7..ed77d4e35df 100644 --- a/2012/4xxx/CVE-2012-4394.json +++ b/2012/4xxx/CVE-2012-4394.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/11/1" - }, - { - "name" : "[oss-security] 20120901 Re: CVE - ownCloud", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/2" - }, - { - "name" : "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8" + }, + { + "name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/11/1" + }, + { + "name": "[oss-security] 20120901 Re: CVE - ownCloud", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/2" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4508.json b/2012/4xxx/CVE-2012-4508.json index d8b23127d56..5af85ec385e 100644 --- a/2012/4xxx/CVE-2012-4508.json +++ b/2012/4xxx/CVE-2012-4508.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121025 CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/25/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dee1f973ca341c266229faa5a1a5bb268bed3531", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dee1f973ca341c266229faa5a1a5bb268bed3531" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=869904", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=869904" - }, - { - "name" : "https://github.com/torvalds/linux/commit/dee1f973ca341c266229faa5a1a5bb268bed3531", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/dee1f973ca341c266229faa5a1a5bb268bed3531" - }, - { - "name" : "FEDORA-2012-17479", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html" - }, - { - "name" : "RHSA-2012:1540", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1540.html" - }, - { - "name" : "RHSA-2013:0496", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0496.html" - }, - { - "name" : "RHSA-2013:1519", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1519.html" - }, - { - "name" : "RHSA-2013:1783", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1783.html" - }, - { - "name" : "SUSE-SU-2012:1679", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" - }, - { - "name" : "USN-1645-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1645-1" - }, - { - "name" : "USN-1899-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1899-1" - }, - { - "name" : "USN-1900-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1900-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dee1f973ca341c266229faa5a1a5bb268bed3531", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dee1f973ca341c266229faa5a1a5bb268bed3531" + }, + { + "name": "RHSA-2012:1540", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1540.html" + }, + { + "name": "RHSA-2013:0496", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0496.html" + }, + { + "name": "RHSA-2013:1783", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1783.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.16" + }, + { + "name": "USN-1645-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1645-1" + }, + { + "name": "USN-1899-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1899-1" + }, + { + "name": "RHSA-2013:1519", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1519.html" + }, + { + "name": "SUSE-SU-2012:1679", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/dee1f973ca341c266229faa5a1a5bb268bed3531", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/dee1f973ca341c266229faa5a1a5bb268bed3531" + }, + { + "name": "FEDORA-2012-17479", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091110.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=869904", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869904" + }, + { + "name": "[oss-security] 20121025 CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/25/1" + }, + { + "name": "USN-1900-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1900-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4561.json b/2012/4xxx/CVE-2012-4561.json index 9a1c07d59b4..7d8339d0623 100644 --- a/2012/4xxx/CVE-2012-4561.json +++ b/2012/4xxx/CVE-2012-4561.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free \"an invalid pointer on an error path,\" which might allow remote attackers to cause a denial of service (crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/20/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=871617", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=871617" - }, - { - "name" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", - "refsource" : "CONFIRM", - "url" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/" - }, - { - "name" : "DSA-2577", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2577" - }, - { - "name" : "FEDORA-2012-18610", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html" - }, - { - "name" : "FEDORA-2012-18677", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html" - }, - { - "name" : "MDVSA-2012:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175" - }, - { - "name" : "openSUSE-SU-2012:1620", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2012:1622", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html" - }, - { - "name" : "openSUSE-SU-2013:0130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html" - }, - { - "name" : "USN-1640-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1640-1" - }, - { - "name" : "56604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56604" - }, - { - "name" : "libssh-multiple-dos(80220)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free \"an invalid pointer on an error path,\" which might allow remote attackers to cause a denial of service (crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2577", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2577" + }, + { + "name": "MDVSA-2012:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=871617", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871617" + }, + { + "name": "USN-1640-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1640-1" + }, + { + "name": "openSUSE-SU-2013:0130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html" + }, + { + "name": "openSUSE-SU-2012:1622", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html" + }, + { + "name": "FEDORA-2012-18610", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html" + }, + { + "name": "openSUSE-SU-2012:1620", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html" + }, + { + "name": "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/20/3" + }, + { + "name": "libssh-multiple-dos(80220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80220" + }, + { + "name": "FEDORA-2012-18677", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html" + }, + { + "name": "56604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56604" + }, + { + "name": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", + "refsource": "CONFIRM", + "url": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4596.json b/2012/4xxx/CVE-2012-4596.json index d8e49f082b4..9f472236ff1 100644 --- a/2012/4xxx/CVE-2012-4596.json +++ b/2012/4xxx/CVE-2012-4596.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10026", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10026" - }, - { - "name" : "1027444", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027444", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027444" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10026", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10026" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4702.json b/2012/4xxx/CVE-2012-4702.json index 903e1b5dcec..5a5b9964c12 100644 --- a/2012/4xxx/CVE-2012-4702.json +++ b/2012/4xxx/CVE-2012-4702.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-4702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6176.json b/2012/6xxx/CVE-2012-6176.json index 0750d7a69b0..b374b37ad06 100644 --- a/2012/6xxx/CVE-2012-6176.json +++ b/2012/6xxx/CVE-2012-6176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6176", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6176", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6347.json b/2012/6xxx/CVE-2012-6347.json index 0a66bb24e07..e62504be877 100644 --- a/2012/6xxx/CVE-2012-6347.json +++ b/2012/6xxx/CVE-2012-6347.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=558", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=558" - }, - { - "name" : "https://fortiguard.com/psirt/FG-IR-012-007", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-012-007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/psirt/FG-IR-012-007", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-012-007" + }, + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=558", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=558" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2549.json b/2017/2xxx/CVE-2017-2549.json index 51977dfbe3a..267425be868 100644 --- a/2017/2xxx/CVE-2017-2549.json +++ b/2017/2xxx/CVE-2017-2549.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207801", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207801" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98473" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + }, + { + "name": "https://support.apple.com/HT207801", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207801" + }, + { + "name": "98473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98473" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2958.json b/2017/2xxx/CVE-2017-2958.json index e6829782645..8dd62ec559e 100644 --- a/2017/2xxx/CVE-2017-2958.json +++ b/2017/2xxx/CVE-2017-2958.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95343" - }, - { - "name" : "1037574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037574" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + }, + { + "name": "95343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95343" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2961.json b/2017/2xxx/CVE-2017-2961.json index dcc388585ee..094a57cc539 100644 --- a/2017/2xxx/CVE-2017-2961.json +++ b/2017/2xxx/CVE-2017-2961.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-025", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-025" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95343" - }, - { - "name" : "1037574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037574" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + }, + { + "name": "95343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95343" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-025", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-025" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6103.json b/2017/6xxx/CVE-2017-6103.json index 7157d830cf4..694a93adbd8 100644 --- a/2017/6xxx/CVE-2017-6103.json +++ b/2017/6xxx/CVE-2017-6103.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "ID" : "CVE-2017-6103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Wordpress plugin AnyVar", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "0.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "matt_dev" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "ID": "CVE-2017-6103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wordpress plugin AnyVar", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.1.1" + } + ] + } + } + ] + }, + "vendor_name": "matt_dev" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=177", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=177" - }, - { - "name" : "96532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/advisory.php?v=177", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=177" + }, + { + "name": "96532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96532" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6433.json b/2017/6xxx/CVE-2017-6433.json index 808bbbdf22b..dd0eb8c9a8e 100644 --- a/2017/6xxx/CVE-2017-6433.json +++ b/2017/6xxx/CVE-2017-6433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6433", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6433", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6706.json b/2017/6xxx/CVE-2017-6706.json index fc6a74cd975..ce181b81726 100644 --- a/2017/6xxx/CVE-2017-6706.json +++ b/2017/6xxx/CVE-2017-6706.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning Tool", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Provisioning Tool" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Log File Information Disclosure Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning Tool", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Provisioning Tool" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp4", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp4" - }, - { - "name" : "99204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99204" - }, - { - "name" : "1038744", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Log File Information Disclosure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp4", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp4" + }, + { + "name": "1038744", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038744" + }, + { + "name": "99204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99204" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7550.json b/2017/7xxx/CVE-2017-7550.json index 9d7687b6f1b..ad7744ea580 100644 --- a/2017/7xxx/CVE-2017-7550.json +++ b/2017/7xxx/CVE-2017-7550.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-07-21T00:00:00", - "ID" : "CVE-2017-7550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ansible", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.x before 2.3.3, 2.4.x before 2.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-532" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-07-21T00:00:00", + "ID": "CVE-2017-7550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ansible", + "version": { + "version_data": [ + { + "version_value": "2.3.x before 2.3.3, 2.4.x before 2.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1473645", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1473645" - }, - { - "name" : "https://github.com/ansible/ansible/issues/30874", - "refsource" : "CONFIRM", - "url" : "https://github.com/ansible/ansible/issues/30874" - }, - { - "name" : "RHSA-2017:2966", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the \"params\" argument, and noting this in the module documentation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1473645", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473645" + }, + { + "name": "https://github.com/ansible/ansible/issues/30874", + "refsource": "CONFIRM", + "url": "https://github.com/ansible/ansible/issues/30874" + }, + { + "name": "RHSA-2017:2966", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2966" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14095.json b/2018/14xxx/CVE-2018-14095.json index a4c86e8e974..eb0b15e82d7 100644 --- a/2018/14xxx/CVE-2018-14095.json +++ b/2018/14xxx/CVE-2018-14095.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14095", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14095", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14156.json b/2018/14xxx/CVE-2018-14156.json index c1c0e8221b0..952fc200496 100644 --- a/2018/14xxx/CVE-2018-14156.json +++ b/2018/14xxx/CVE-2018-14156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14560.json b/2018/14xxx/CVE-2018-14560.json index 140a21bf24f..28286189c92 100644 --- a/2018/14xxx/CVE-2018-14560.json +++ b/2018/14xxx/CVE-2018-14560.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14560", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14560", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14618.json b/2018/14xxx/CVE-2018-14618.json index d0676542f59..45b6deea795 100644 --- a/2018/14xxx/CVE-2018-14618.json +++ b/2018/14xxx/CVE-2018-14618.json @@ -1,120 +1,120 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-14618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "curl", - "version" : { - "version_data" : [ - { - "version_value" : "7.61.1" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)" - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-131" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "curl", + "version": { + "version_data": [ + { + "version_value": "7.61.1" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)" + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618" - }, - { - "name" : "https://curl.haxx.se/docs/CVE-2018-14618.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/CVE-2018-14618.html" - }, - { - "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "refsource" : "CONFIRM", - "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014" - }, - { - "name" : "DSA-4286", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4286" - }, - { - "name" : "GLSA-201903-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-03" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "USN-3765-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3765-1/" - }, - { - "name" : "USN-3765-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3765-2/" - }, - { - "name" : "1041605", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041605" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-131" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://curl.haxx.se/docs/CVE-2018-14618.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/CVE-2018-14618.html" + }, + { + "name": "GLSA-201903-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-03" + }, + { + "name": "USN-3765-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3765-1/" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014" + }, + { + "name": "DSA-4286", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4286" + }, + { + "name": "1041605", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041605" + }, + { + "name": "USN-3765-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3765-2/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15108.json b/2018/15xxx/CVE-2018-15108.json index 2217feef327..618e85bee64 100644 --- a/2018/15xxx/CVE-2018-15108.json +++ b/2018/15xxx/CVE-2018-15108.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15108", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15108", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15182.json b/2018/15xxx/CVE-2018-15182.json index 3421bb26925..9ab5e5ed2da 100644 --- a/2018/15xxx/CVE-2018-15182.json +++ b/2018/15xxx/CVE-2018-15182.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gkaim.com/cve-2018-15182-vikas-chaudhary/", - "refsource" : "MISC", - "url" : "https://gkaim.com/cve-2018-15182-vikas-chaudhary/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gkaim.com/cve-2018-15182-vikas-chaudhary/", + "refsource": "MISC", + "url": "https://gkaim.com/cve-2018-15182-vikas-chaudhary/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15851.json b/2018/15xxx/CVE-2018-15851.json index c7b9cd2d128..0e56b507bd5 100644 --- a/2018/15xxx/CVE-2018-15851.json +++ b/2018/15xxx/CVE-2018-15851.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/flexocms/flexo1.source/issues/25", - "refsource" : "MISC", - "url" : "https://github.com/flexocms/flexo1.source/issues/25" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/flexocms/flexo1.source/issues/25", + "refsource": "MISC", + "url": "https://github.com/flexocms/flexo1.source/issues/25" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20153.json b/2018/20xxx/CVE-2018-20153.json index 8999c7f3b4a..dfe908bccdb 100644 --- a/2018/20xxx/CVE-2018-20153.json +++ b/2018/20xxx/CVE-2018-20153.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html" - }, - { - "name" : "https://codex.wordpress.org/Version_4.9.9", - "refsource" : "MISC", - "url" : "https://codex.wordpress.org/Version_4.9.9" - }, - { - "name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/", - "refsource" : "MISC", - "url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" - }, - { - "name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/", - "refsource" : "MISC", - "url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/" - }, - { - "name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/", - "refsource" : "MISC", - "url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9172", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9172" - }, - { - "name" : "DSA-4401", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4401" - }, - { - "name" : "106220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106220" + }, + { + "name": "https://wordpress.org/support/wordpress-version/version-5-0-1/", + "refsource": "MISC", + "url": "https://wordpress.org/support/wordpress-version/version-5-0-1/" + }, + { + "name": "https://codex.wordpress.org/Version_4.9.9", + "refsource": "MISC", + "url": "https://codex.wordpress.org/Version_4.9.9" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/9172", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9172" + }, + { + "name": "DSA-4401", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4401" + }, + { + "name": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/", + "refsource": "MISC", + "url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" + }, + { + "name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html" + }, + { + "name": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/", + "refsource": "MISC", + "url": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20389.json b/2018/20xxx/CVE-2018-20389.json index a581db92c70..1d022d507ea 100644 --- a/2018/20xxx/CVE-2018-20389.json +++ b/2018/20xxx/CVE-2018-20389.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", - "refsource" : "MISC", - "url" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" - }, - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", + "refsource": "MISC", + "url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" + }, + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20492.json b/2018/20xxx/CVE-2018-20492.json index 375e74ce0d6..a8527b60b97 100644 --- a/2018/20xxx/CVE-2018-20492.json +++ b/2018/20xxx/CVE-2018-20492.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20492", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20492", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9023.json b/2018/9xxx/CVE-2018-9023.json index b14cf36a991..d310a053ae3 100644 --- a/2018/9xxx/CVE-2018-9023.json +++ b/2018/9xxx/CVE-2018-9023.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vuln@ca.com", - "DATE_PUBLIC" : "2018-06-14T00:00:00", - "ID" : "CVE-2018-9023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CA Privileged Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.x" - } - ] - } - } - ] - }, - "vendor_name" : "CA Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "vuln@ca.com", + "DATE_PUBLIC": "2018-06-14T00:00:00", + "ID": "CVE-2018-9023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CA Privileged Access Manager", + "version": { + "version_data": [ + { + "version_value": "2.x" + } + ] + } + } + ] + }, + "vendor_name": "CA Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html" - }, - { - "name" : "104496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104496" + }, + { + "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", + "refsource": "CONFIRM", + "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9041.json b/2018/9xxx/CVE-2018-9041.json index 11712839987..47146797c24 100644 --- a/2018/9xxx/CVE-2018-9041.json +++ b/2018/9xxx/CVE-2018-9041.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402004", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402004", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402004" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9171.json b/2018/9xxx/CVE-2018-9171.json index c512daa7451..b47fddb916e 100644 --- a/2018/9xxx/CVE-2018-9171.json +++ b/2018/9xxx/CVE-2018-9171.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9171", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9171", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9477.json b/2018/9xxx/CVE-2018-9477.json index 0f4dc1bcc71..6f31ce5c290 100644 --- a/2018/9xxx/CVE-2018-9477.json +++ b/2018/9xxx/CVE-2018-9477.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9477", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9477", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file