From ab6b2cef2ae7dc5ab063cadb43dd3fb146e56a00 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:48:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0038.json | 160 +++++++++---------- 2002/0xxx/CVE-2002-0122.json | 140 ++++++++--------- 2002/0xxx/CVE-2002-0395.json | 130 ++++++++-------- 2002/0xxx/CVE-2002-0506.json | 140 ++++++++--------- 2002/0xxx/CVE-2002-0768.json | 130 ++++++++-------- 2002/1xxx/CVE-2002-1728.json | 150 +++++++++--------- 2002/1xxx/CVE-2002-1729.json | 150 +++++++++--------- 2002/1xxx/CVE-2002-1939.json | 140 ++++++++--------- 2002/2xxx/CVE-2002-2267.json | 140 ++++++++--------- 2002/2xxx/CVE-2002-2297.json | 140 ++++++++--------- 2005/0xxx/CVE-2005-0672.json | 150 +++++++++--------- 2005/1xxx/CVE-2005-1733.json | 140 ++++++++--------- 2009/1xxx/CVE-2009-1289.json | 160 +++++++++---------- 2009/1xxx/CVE-2009-1684.json | 260 +++++++++++++++---------------- 2009/1xxx/CVE-2009-1986.json | 180 +++++++++++----------- 2009/5xxx/CVE-2009-5151.json | 120 +++++++-------- 2012/2xxx/CVE-2012-2103.json | 200 ++++++++++++------------ 2012/2xxx/CVE-2012-2289.json | 130 ++++++++-------- 2012/2xxx/CVE-2012-2864.json | 170 ++++++++++----------- 2012/2xxx/CVE-2012-2916.json | 160 +++++++++---------- 2012/2xxx/CVE-2012-2997.json | 170 ++++++++++----------- 2012/3xxx/CVE-2012-3009.json | 130 ++++++++-------- 2012/3xxx/CVE-2012-3911.json | 34 ++--- 2012/3xxx/CVE-2012-3920.json | 34 ++--- 2012/4xxx/CVE-2012-4070.json | 120 +++++++-------- 2012/4xxx/CVE-2012-4808.json | 34 ++--- 2012/4xxx/CVE-2012-4850.json | 150 +++++++++--------- 2012/6xxx/CVE-2012-6282.json | 34 ++--- 2012/6xxx/CVE-2012-6541.json | 150 +++++++++--------- 2017/2xxx/CVE-2017-2159.json | 34 ++--- 2017/2xxx/CVE-2017-2314.json | 270 ++++++++++++++++----------------- 2017/2xxx/CVE-2017-2711.json | 132 ++++++++-------- 2017/6xxx/CVE-2017-6281.json | 132 ++++++++-------- 2017/6xxx/CVE-2017-6480.json | 140 ++++++++--------- 2017/6xxx/CVE-2017-6870.json | 130 ++++++++-------- 2018/11xxx/CVE-2018-11044.json | 162 ++++++++++---------- 2018/11xxx/CVE-2018-11309.json | 120 +++++++-------- 2018/11xxx/CVE-2018-11607.json | 34 ++--- 2018/11xxx/CVE-2018-11632.json | 130 ++++++++-------- 2018/11xxx/CVE-2018-11989.json | 34 ++--- 2018/14xxx/CVE-2018-14036.json | 160 +++++++++---------- 2018/14xxx/CVE-2018-14715.json | 120 +++++++-------- 2018/14xxx/CVE-2018-14936.json | 120 +++++++-------- 2018/14xxx/CVE-2018-14971.json | 120 +++++++-------- 2018/15xxx/CVE-2018-15019.json | 34 ++--- 2018/15xxx/CVE-2018-15168.json | 140 ++++++++--------- 2018/15xxx/CVE-2018-15675.json | 34 ++--- 2018/15xxx/CVE-2018-15755.json | 166 ++++++++++---------- 2018/20xxx/CVE-2018-20240.json | 144 +++++++++--------- 2018/20xxx/CVE-2018-20481.json | 160 +++++++++---------- 50 files changed, 3231 insertions(+), 3231 deletions(-) diff --git a/2002/0xxx/CVE-2002-0038.json b/2002/0xxx/CVE-2002-0038.json index 8cb285215a3..5b1e1db7b9c 100644 --- a/2002/0xxx/CVE-2002-0038.json +++ b/2002/0xxx/CVE-2002-0038.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020102-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020102-01-I" - }, - { - "name" : "20020102-02-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020102-02-I" - }, - { - "name" : "20020102-03-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P" - }, - { - "name" : "irix-nsd-cache-dos(7907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7907" - }, - { - "name" : "3882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020102-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020102-01-I" + }, + { + "name": "20020102-02-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020102-02-I" + }, + { + "name": "3882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3882" + }, + { + "name": "20020102-03-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P" + }, + { + "name": "irix-nsd-cache-dos(7907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7907" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0122.json b/2002/0xxx/CVE-2002-0122.json index ebcf438999e..b60dd91e896 100644 --- a/2002/0xxx/CVE-2002-0122.json +++ b/2002/0xxx/CVE-2002-0122.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens 3568i WAP mobile phones allows remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020114 Siemens Mobie SMS Exceptional Character Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/250115" - }, - { - "name" : "3870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3870" - }, - { - "name" : "siemens-invalid-sms-dos(7902)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7902.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens 3568i WAP mobile phones allows remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "siemens-invalid-sms-dos(7902)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7902.php" + }, + { + "name": "20020114 Siemens Mobie SMS Exceptional Character Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/250115" + }, + { + "name": "3870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3870" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0395.json b/2002/0xxx/CVE-2002-0395.json index 002ca543684..a8ed0103b4f 100644 --- a/2002/0xxx/CVE-2002-0395.json +++ b/2002/0xxx/CVE-2002-0395.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A060502-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2002/a060502-1.txt" - }, - { - "name" : "redm-1050ap-tftp-bruteforce(9264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A060502-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2002/a060502-1.txt" + }, + { + "name": "redm-1050ap-tftp-bruteforce(9264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9264" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0506.json b/2002/0xxx/CVE-2002-0506.json index a67f2ac0e84..8694f671925 100644 --- a/2002/0xxx/CVE-2002-0506.json +++ b/2002/0xxx/CVE-2002-0506.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020328 A possible buffer overflow in libnewt", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/264699" - }, - { - "name" : "libnewt-bo(8700)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8700.php" - }, - { - "name" : "4393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "libnewt-bo(8700)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8700.php" + }, + { + "name": "20020328 A possible buffer overflow in libnewt", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/264699" + }, + { + "name": "4393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4393" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0768.json b/2002/0xxx/CVE-2002-0768.json index 64d03e6c27e..9daedcd448d 100644 --- a/2002/0xxx/CVE-2002-0768.json +++ b/2002/0xxx/CVE-2002-0768.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SuSE-SA:2002:018", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_18_lukemftp.html" - }, - { - "name" : "lukemftp-pasv-bo(9130)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9130.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lukemftp-pasv-bo(9130)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9130.php" + }, + { + "name": "SuSE-SA:2002:018", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_18_lukemftp.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1728.json b/2002/1xxx/CVE-2002-1728.json index 625d7ea185f..3aeaa101135 100644 --- a/2002/1xxx/CVE-2002-1728.json +++ b/2002/1xxx/CVE-2002-1728.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook", - "refsource" : "VULN-DEV", - "url" : "http://online.securityfocus.com/archive/82/270970" - }, - { - "name" : "http://www.ifrance.com/kitetoua/tuto/5holes4.txt", - "refsource" : "MISC", - "url" : "http://www.ifrance.com/kitetoua/tuto/5holes4.txt" - }, - { - "name" : "asksam-webpub-path-disclosure(9004)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9004" - }, - { - "name" : "4670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook", + "refsource": "VULN-DEV", + "url": "http://online.securityfocus.com/archive/82/270970" + }, + { + "name": "4670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4670" + }, + { + "name": "http://www.ifrance.com/kitetoua/tuto/5holes4.txt", + "refsource": "MISC", + "url": "http://www.ifrance.com/kitetoua/tuto/5holes4.txt" + }, + { + "name": "asksam-webpub-path-disclosure(9004)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9004" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1729.json b/2002/1xxx/CVE-2002-1729.json index bc0677ad01a..6dc5b20a7e0 100644 --- a/2002/1xxx/CVE-2002-1729.json +++ b/2002/1xxx/CVE-2002-1729.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the \"web site\" parameter in a guestbook message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook", - "refsource" : "VULN-DEV", - "url" : "http://online.securityfocus.com/archive/82/270970" - }, - { - "name" : "http://www.ifrance.com/kitetoua/tuto/5holes4.txt", - "refsource" : "MISC", - "url" : "http://www.ifrance.com/kitetoua/tuto/5holes4.txt" - }, - { - "name" : "4671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4671" - }, - { - "name" : "aspjar-guestbook-css(9005)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the \"web site\" parameter in a guestbook message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspjar-guestbook-css(9005)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9005" + }, + { + "name": "20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook", + "refsource": "VULN-DEV", + "url": "http://online.securityfocus.com/archive/82/270970" + }, + { + "name": "4671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4671" + }, + { + "name": "http://www.ifrance.com/kitetoua/tuto/5holes4.txt", + "refsource": "MISC", + "url": "http://www.ifrance.com/kitetoua/tuto/5holes4.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1939.json b/2002/1xxx/CVE-2002-1939.json index ce1c8ae5ed1..84a450c9892 100644 --- a/2002/1xxx/CVE-2002-1939.json +++ b/2002/1xxx/CVE-2002-1939.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021022 FlashFXP 1.4 Local Password Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/296658" - }, - { - "name" : "6032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6032" - }, - { - "name" : "flashfxp-password-disclosure(10445)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10445.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flashfxp-password-disclosure(10445)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10445.php" + }, + { + "name": "20021022 FlashFXP 1.4 Local Password Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/296658" + }, + { + "name": "6032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6032" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2267.json b/2002/2xxx/CVE-2002-2267.json index 691321546c0..0f77cc2a3ec 100644 --- a/2002/2xxx/CVE-2002-2267.json +++ b/2002/2xxx/CVE-2002-2267.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021129 bogofilter contrib/bogopass temp file vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0367.html" - }, - { - "name" : "6278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6278" - }, - { - "name" : "bogofilter-bogopass-symlink(10726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021129 bogofilter contrib/bogopass temp file vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0367.html" + }, + { + "name": "6278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6278" + }, + { + "name": "bogofilter-bogopass-symlink(10726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10726" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2297.json b/2002/2xxx/CVE-2002-2297.json index 1ab5466e3db..40b0cd933df 100644 --- a/2002/2xxx/CVE-2002-2297.json +++ b/2002/2xxx/CVE-2002-2297.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021201 Thatware (PHP)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html" - }, - { - "name" : "1005733", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005733" - }, - { - "name" : "thatware-php-file-include(10758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "thatware-php-file-include(10758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10758" + }, + { + "name": "20021201 Thatware (PHP)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html" + }, + { + "name": "1005733", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005733" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0672.json b/2005/0xxx/CVE-2005-0672.json index f56eaa9f5e5..147bb9dd055 100644 --- a/2005/0xxx/CVE-2005-0672.json +++ b/2005/0xxx/CVE-2005-0672.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/ca3dex-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/ca3dex-adv.txt" - }, - { - "name" : "12727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12727" - }, - { - "name" : "1013361", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013361" - }, - { - "name" : "14483", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/ca3dex-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/ca3dex-adv.txt" + }, + { + "name": "14483", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14483" + }, + { + "name": "12727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12727" + }, + { + "name": "1013361", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013361" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1733.json b/2005/1xxx/CVE-2005-1733.json index f806ace0a81..b4b6d85ac33 100644 --- a/2005/1xxx/CVE-2005-1733.json +++ b/2005/1xxx/CVE-2005-1733.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050521 Cookie Cart Default Installation Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111686721022831&w=2" - }, - { - "name" : "http://www.soulblack.com.ar/repo/papers/cookiec_advisory.txt", - "refsource" : "MISC", - "url" : "http://www.soulblack.com.ar/repo/papers/cookiec_advisory.txt" - }, - { - "name" : "1014026", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014026", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014026" + }, + { + "name": "http://www.soulblack.com.ar/repo/papers/cookiec_advisory.txt", + "refsource": "MISC", + "url": "http://www.soulblack.com.ar/repo/papers/cookiec_advisory.txt" + }, + { + "name": "20050521 Cookie Cart Default Installation Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111686721022831&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1289.json b/2009/1xxx/CVE-2009-1289.json index 641003d74f4..0069e425905 100644 --- a/2009/1xxx/CVE-2009-1289.json +++ b/2009/1xxx/CVE-2009-1289.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502582/100/0/threaded" - }, - { - "name" : "http://www.louhinetworks.fi/advisory/ibm_090409.txt", - "refsource" : "MISC", - "url" : "http://www.louhinetworks.fi/advisory/ibm_090409.txt" - }, - { - "name" : "34447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34447" - }, - { - "name" : "53659", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53659" - }, - { - "name" : "1022025", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded" + }, + { + "name": "53659", + "refsource": "OSVDB", + "url": "http://osvdb.org/53659" + }, + { + "name": "34447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34447" + }, + { + "name": "1022025", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022025" + }, + { + "name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt", + "refsource": "MISC", + "url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1684.json b/2009/1xxx/CVE-2009-1684.json index 806343edf92..e221f8d2712 100644 --- a/2009/1xxx/CVE-2009-1684.json +++ b/2009/1xxx/CVE-2009-1684.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "DSA-1950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1950" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "35260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35260" - }, - { - "name" : "54987", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54987" - }, - { - "name" : "1022344", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022344" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "37746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37746" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022344", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022344" + }, + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "35260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35260" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "37746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37746" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "DSA-1950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1950" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + }, + { + "name": "54987", + "refsource": "OSVDB", + "url": "http://osvdb.org/54987" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1986.json b/2009/1xxx/CVE-2009-1986.json index f14475584f6..b65089bcb31 100644 --- a/2009/1xxx/CVE-2009-1986.json +++ b/2009/1xxx/CVE-2009-1986.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "35695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35695" - }, - { - "name" : "55902", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55902" - }, - { - "name" : "1022562", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022562" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "ADV-2009-1900", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "oracle-ebs-am-unspecified(51768)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "35695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35695" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "55902", + "refsource": "OSVDB", + "url": "http://osvdb.org/55902" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "oracle-ebs-am-unspecified(51768)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51768" + }, + { + "name": "1022562", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022562" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5151.json b/2009/5xxx/CVE-2009-5151.json index 4088b584940..85b83621f69 100644 --- a/2009/5xxx/CVE-2009-5151.json +++ b/2009/5xxx/CVE-2009-5151.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf", + "refsource": "MISC", + "url": "https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2103.json b/2012/2xxx/CVE-2012-2103.json index 4d2138cc36d..30be154082e 100644 --- a/2012/2xxx/CVE-2012-2103.json +++ b/2012/2xxx/CVE-2012-2103.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/16/5" - }, - { - "name" : "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/16/6" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=812889", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=812889" - }, - { - "name" : "USN-1622-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1622-1" - }, - { - "name" : "53031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53031" - }, - { - "name" : "48859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48859" - }, - { - "name" : "51218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51218" - }, - { - "name" : "munin-unspec-symlink(74884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1622-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1622-1" + }, + { + "name": "munin-unspec-symlink(74884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74884" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778" + }, + { + "name": "51218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51218" + }, + { + "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6" + }, + { + "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5" + }, + { + "name": "48859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48859" + }, + { + "name": "53031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53031" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=812889", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2289.json b/2012/2xxx/CVE-2012-2289.json index 8024c33aaf3..c9eb13ca022 100644 --- a/2012/2xxx/CVE-2012-2289.json +++ b/2012/2xxx/CVE-2012-2289.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-2289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120823 ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-08/0168.html" - }, - { - "name" : "1027442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120823 ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0168.html" + }, + { + "name": "1027442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027442" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2864.json b/2012/2xxx/CVE-2012-2864.json index 9ecc0999690..e4842fc0036 100644 --- a/2012/2xxx/CVE-2012-2864.json +++ b/2012/2xxx/CVE-2012-2864.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an \"array overflow.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=141901", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=141901" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264" - }, - { - "name" : "MDVSA-2013:103", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:103" - }, - { - "name" : "USN-1623-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1623-1" - }, - { - "name" : "51215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an \"array overflow.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1623-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1623-1" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=141901", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=141901" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264" + }, + { + "name": "51215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51215" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html" + }, + { + "name": "MDVSA-2013:103", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:103" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2916.json b/2012/2xxx/CVE-2012-2916.json index 73dff799ac5..bb21830f6bf 100644 --- a/2012/2xxx/CVE-2012-2916.json +++ b/2012/2xxx/CVE-2012-2916.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112692/WordPress-SABRE-1.2.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112692/WordPress-SABRE-1.2.0-Cross-Site-Scripting.html" - }, - { - "name" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fsabre&old=534490&new_path=%2Fsabre&new=534490", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fsabre&old=534490&new_path=%2Fsabre&new=534490" - }, - { - "name" : "http://wordpress.org/extend/plugins/sabre/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/sabre/changelog/" - }, - { - "name" : "53528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53528" - }, - { - "name" : "sabre-tools-xss(75615)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53528" + }, + { + "name": "http://packetstormsecurity.org/files/112692/WordPress-SABRE-1.2.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112692/WordPress-SABRE-1.2.0-Cross-Site-Scripting.html" + }, + { + "name": "sabre-tools-xss(75615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75615" + }, + { + "name": "http://wordpress.org/extend/plugins/sabre/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/sabre/changelog/" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fsabre&old=534490&new_path=%2Fsabre&new=534490", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fsabre&old=534490&new_path=%2Fsabre&new=534490" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2997.json b/2012/2xxx/CVE-2012-2997.json index ad433d4a950..49420065beb 100644 --- a/2012/2xxx/CVE-2012-2997.json +++ b/2012/2xxx/CVE-2012-2997.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130122 SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0093.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html" - }, - { - "name" : "57496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57496" - }, - { - "name" : "89447", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89447" - }, - { - "name" : "f5bigip-xml-info-disclosure(81426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "f5bigip-xml-info-disclosure(81426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81426" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html" + }, + { + "name": "89447", + "refsource": "OSVDB", + "url": "http://osvdb.org/89447" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt" + }, + { + "name": "57496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57496" + }, + { + "name": "20130122 SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0093.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3009.json b/2012/3xxx/CVE-2012-3009.json index b1f958be5ed..b6cea0fab1c 100644 --- a/2012/3xxx/CVE-2012-3009.json +++ b/2012/3xxx/CVE-2012-3009.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-3009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-227-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-227-01.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-227-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-227-01.pdf" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3911.json b/2012/3xxx/CVE-2012-3911.json index f7bd03a001f..5c9970a9b45 100644 --- a/2012/3xxx/CVE-2012-3911.json +++ b/2012/3xxx/CVE-2012-3911.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3911", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3911", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3920.json b/2012/3xxx/CVE-2012-3920.json index 9891843e23f..40f64eeaba1 100644 --- a/2012/3xxx/CVE-2012-3920.json +++ b/2012/3xxx/CVE-2012-3920.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3920", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3920", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4070.json b/2012/4xxx/CVE-2012-4070.json index eec7d9299ca..bcb9a8d5b14 100644 --- a/2012/4xxx/CVE-2012-4070.json +++ b/2012/4xxx/CVE-2012-4070.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120805 Dir2web3 Mutiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-08/0045.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120805 Dir2web3 Mutiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0045.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4808.json b/2012/4xxx/CVE-2012-4808.json index 84a6d4fa450..c0edbdfd1ee 100644 --- a/2012/4xxx/CVE-2012-4808.json +++ b/2012/4xxx/CVE-2012-4808.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4808", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4808", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4850.json b/2012/4xxx/CVE-2012-4850.json index 82c67f0a062..97ca7497352 100644 --- a/2012/4xxx/CVE-2012-4850.json +++ b/2012/4xxx/CVE-2012-4850.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21614265", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21614265" - }, - { - "name" : "PM67082", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM67082" - }, - { - "name" : "56460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56460" - }, - { - "name" : "was-libertyprofile-security-bypass(79539)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM67082", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM67082" + }, + { + "name": "was-libertyprofile-security-bypass(79539)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79539" + }, + { + "name": "56460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56460" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21614265", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21614265" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6282.json b/2012/6xxx/CVE-2012-6282.json index 40f06d83209..730e12aa16e 100644 --- a/2012/6xxx/CVE-2012-6282.json +++ b/2012/6xxx/CVE-2012-6282.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6282", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6282", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6541.json b/2012/6xxx/CVE-2012-6541.json index 31a22a5f09e..f1ae21885d9 100644 --- a/2012/6xxx/CVE-2012-6541.json +++ b/2012/6xxx/CVE-2012-6541.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b07f8eb75aa3097cdfd4f6eac3da49db787381d", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b07f8eb75aa3097cdfd4f6eac3da49db787381d" - }, - { - "name" : "https://github.com/torvalds/linux/commit/7b07f8eb75aa3097cdfd4f6eac3da49db787381d", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/7b07f8eb75aa3097cdfd4f6eac3da49db787381d" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/7b07f8eb75aa3097cdfd4f6eac3da49db787381d", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/7b07f8eb75aa3097cdfd4f6eac3da49db787381d" + }, + { + "name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/05/13" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b07f8eb75aa3097cdfd4f6eac3da49db787381d", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b07f8eb75aa3097cdfd4f6eac3da49db787381d" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2159.json b/2017/2xxx/CVE-2017-2159.json index 6aaff274a37..b5f751489ba 100644 --- a/2017/2xxx/CVE-2017-2159.json +++ b/2017/2xxx/CVE-2017-2159.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2159", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2159", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2314.json b/2017/2xxx/CVE-2017-2314.json index 36b024b3c17..324b4b0e0f2 100644 --- a/2017/2xxx/CVE-2017-2314.json +++ b/2017/2xxx/CVE-2017-2314.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2017-07-12T09:00", - "ID" : "CVE-2017-2314", - "STATE" : "PUBLIC", - "TITLE" : "Junos: RPD crash due to malformed BGP OPEN message" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "platform" : "", - "version_value" : "12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4" - }, - { - "platform" : "", - "version_value" : "12.3X48 prior to 12.3X48-D50" - }, - { - "platform" : "", - "version_value" : "13.3 prior to 13.3R4-S11, 13.3R10" - }, - { - "platform" : "", - "version_value" : "14.1 prior to 14.1R8-S3, 14.1R9" - }, - { - "platform" : "", - "version_value" : "14.1X53 prior to 14.1X53-D40" - }, - { - "platform" : "", - "version_value" : "14.1X55 prior to 14.1X55-D35" - }, - { - "platform" : "", - "version_value" : "14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7" - }, - { - "platform" : "", - "version_value" : "15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4" - }, - { - "platform" : "", - "version_value" : "15.1X49 prior to 15.1X49-D100" - }, - { - "platform" : "", - "version_value" : "15.1X53 prior to 15.1X53-D33, 15.1X53-D50" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [ - { - "lang" : "eng", - "value" : "This issue only affects devices with BGP enabled." - } - ], - "credit" : [], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50." - } - ] - }, - "exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, this issue has been seen in a production network due to the BGP implementation in a third party device.", - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "routing protocol daemon (rpd) crash denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2017-07-12T09:00", + "ID": "CVE-2017-2314", + "STATE": "PUBLIC", + "TITLE": "Junos: RPD crash due to malformed BGP OPEN message" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "", + "version_value": "12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4" + }, + { + "platform": "", + "version_value": "12.3X48 prior to 12.3X48-D50" + }, + { + "platform": "", + "version_value": "13.3 prior to 13.3R4-S11, 13.3R10" + }, + { + "platform": "", + "version_value": "14.1 prior to 14.1R8-S3, 14.1R9" + }, + { + "platform": "", + "version_value": "14.1X53 prior to 14.1X53-D40" + }, + { + "platform": "", + "version_value": "14.1X55 prior to 14.1X55-D35" + }, + { + "platform": "", + "version_value": "14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7" + }, + { + "platform": "", + "version_value": "15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4" + }, + { + "platform": "", + "version_value": "15.1X49 prior to 15.1X49-D100" + }, + { + "platform": "", + "version_value": "15.1X53 prior to 15.1X53-D33, 15.1X53-D50" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10779", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10779" - }, - { - "name" : "1038889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038889" - } - ] - }, - "solution" : "The following software releases have been updated to resolve this specific issue: Junos 12.3R12-S4, 12.3R13, 12.3R3-S4, 12.3X48-D50, 13.3R10, 13.3R4-S11, 14.1R8-S3, 14.1R9, 14.1X53-D40, 14.1X55-D35, 14.2R4-S7, 14.2R6-S4, 14.2R7, 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4, 15.1X49-D100, 15.1X53-D33, 15.1X53-D50, 16.1R1, 16.2R1 and all subsequent releases.\n\nThis issue is being tracked as PR 1159781 and is visible on the Customer Support website.", - "work_around" : [ - { - "lang" : "eng", - "value" : "While there is no workaround, the risk associated with this issue can be mitigated by limiting BGP sessions only from trusted peers." - } - ] -} + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue only affects devices with BGP enabled." + } + ], + "credit": [], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50." + } + ] + }, + "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, this issue has been seen in a production network due to the BGP implementation in a third party device.", + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "routing protocol daemon (rpd) crash denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10779", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10779" + }, + { + "name": "1038889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038889" + } + ] + }, + "solution": "The following software releases have been updated to resolve this specific issue: Junos 12.3R12-S4, 12.3R13, 12.3R3-S4, 12.3X48-D50, 13.3R10, 13.3R4-S11, 14.1R8-S3, 14.1R9, 14.1X53-D40, 14.1X55-D35, 14.2R4-S7, 14.2R6-S4, 14.2R7, 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4, 15.1X49-D100, 15.1X53-D33, 15.1X53-D50, 16.1R1, 16.2R1 and all subsequent releases.\n\nThis issue is being tracked as PR 1159781 and is visible on the Customer Support website.", + "work_around": [ + { + "lang": "eng", + "value": "While there is no workaround, the risk associated with this issue can be mitigated by limiting BGP sessions only from trusted peers." + } + ] +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2711.json b/2017/2xxx/CVE-2017-2711.json index 4d59f28b203..4e871f8df51 100644 --- a/2017/2xxx/CVE-2017-2711.json +++ b/2017/2xxx/CVE-2017-2711.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "P9 Plus", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than VIE-AL10C00B352 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P9 Plus", + "version": { + "version_data": [ + { + "version_value": "Earlier than VIE-AL10C00B352 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-03-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-03-smartphone-en" - }, - { - "name" : "95663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-03-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-03-smartphone-en" + }, + { + "name": "95663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95663" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6281.json b/2017/6xxx/CVE-2017-6281.json index 353d464ea6b..36424ba5622 100644 --- a/2017/6xxx/CVE-2017-6281.json +++ b/2017/6xxx/CVE-2017-6281.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-6281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "NA" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-6281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-03-01" - }, - { - "name" : "103286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-03-01" + }, + { + "name": "103286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103286" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6480.json b/2017/6xxx/CVE-2017-6480.json index 67bbeb2735f..2c550222250 100644 --- a/2017/6xxx/CVE-2017-6480.json +++ b/2017/6xxx/CVE-2017-6480.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/groovel/cmsgroovel/issues/2", - "refsource" : "CONFIRM", - "url" : "https://github.com/groovel/cmsgroovel/issues/2" - }, - { - "name" : "https://github.com/groovel/cmsgroovel/releases/tag/3.3.7-beta", - "refsource" : "CONFIRM", - "url" : "https://github.com/groovel/cmsgroovel/releases/tag/3.3.7-beta" - }, - { - "name" : "96585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/groovel/cmsgroovel/releases/tag/3.3.7-beta", + "refsource": "CONFIRM", + "url": "https://github.com/groovel/cmsgroovel/releases/tag/3.3.7-beta" + }, + { + "name": "96585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96585" + }, + { + "name": "https://github.com/groovel/cmsgroovel/issues/2", + "refsource": "CONFIRM", + "url": "https://github.com/groovel/cmsgroovel/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6870.json b/2017/6xxx/CVE-2017-6870.json index c6514888772..216937e592b 100644 --- a/2017/6xxx/CVE-2017-6870.json +++ b/2017/6xxx/CVE-2017-6870.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2017-6870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SIMATIC WinCC Sm@rtClient for Android", - "version" : { - "version_data" : [ - { - "version_value" : "SIMATIC WinCC Sm@rtClient for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-300: Channel Accessible by Non-Endpoint" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2017-6870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SIMATIC WinCC Sm@rtClient for Android", + "version": { + "version_data": [ + { + "version_value": "SIMATIC WinCC Sm@rtClient for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf" - }, - { - "name" : "99582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-300: Channel Accessible by Non-Endpoint" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99582" + }, + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11044.json b/2018/11xxx/CVE-2018-11044.json index 15418c4b546..88068698b49 100644 --- a/2018/11xxx/CVE-2018-11044.json +++ b/2018/11xxx/CVE-2018-11044.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-07-23T04:00:00.000Z", - "ID" : "CVE-2018-11044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pivotal Application Service", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2.2.x ", - "version_value" : "2.2.1 " - }, - { - "affected" : "<", - "version_name" : "2.1.x ", - "version_value" : "2.1.8 " - }, - { - "affected" : "<", - "version_name" : "2.0.x", - "version_value" : "2.0.17" - }, - { - "affected" : "<", - "version_name" : "1.12.x", - "version_value" : "1.12.26" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information exposure" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-07-23T04:00:00.000Z", + "ID": "CVE-2018-11044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pivotal Application Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.2.x ", + "version_value": "2.2.1 " + }, + { + "affected": "<", + "version_name": "2.1.x ", + "version_value": "2.1.8 " + }, + { + "affected": "<", + "version_name": "2.0.x", + "version_value": "2.0.17" + }, + { + "affected": "<", + "version_name": "1.12.x", + "version_value": "1.12.26" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-11044", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-11044" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2018-11044", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-11044" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11309.json b/2018/11xxx/CVE-2018-11309.json index ebda7b29f0d..85a0c08081d 100644 --- a/2018/11xxx/CVE-2018-11309.json +++ b/2018/11xxx/CVE-2018-11309.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.riccardoancarani.it/cve-2018-11309-blind-sql-injection-in-membermouse-plugin/", - "refsource" : "MISC", - "url" : "https://blog.riccardoancarani.it/cve-2018-11309-blind-sql-injection-in-membermouse-plugin/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.riccardoancarani.it/cve-2018-11309-blind-sql-injection-in-membermouse-plugin/", + "refsource": "MISC", + "url": "https://blog.riccardoancarani.it/cve-2018-11309-blind-sql-injection-in-membermouse-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11607.json b/2018/11xxx/CVE-2018-11607.json index f713db4854a..190dbf12c9e 100644 --- a/2018/11xxx/CVE-2018-11607.json +++ b/2018/11xxx/CVE-2018-11607.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11607", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11607", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11632.json b/2018/11xxx/CVE-2018-11632.json index abba47f95a9..f61ea62ac66 100644 --- a/2018/11xxx/CVE-2018-11632.json +++ b/2018/11xxx/CVE-2018-11632.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-add-social-share-messenger-buttons-whatsapp-and-viber-plugin/", - "refsource" : "MISC", - "url" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-add-social-share-messenger-buttons-whatsapp-and-viber-plugin/" - }, - { - "name" : "https://wordpress.org/plugins/add-social-share-buttons/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/add-social-share-buttons/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-add-social-share-messenger-buttons-whatsapp-and-viber-plugin/", + "refsource": "MISC", + "url": "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-add-social-share-messenger-buttons-whatsapp-and-viber-plugin/" + }, + { + "name": "https://wordpress.org/plugins/add-social-share-buttons/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/add-social-share-buttons/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11989.json b/2018/11xxx/CVE-2018-11989.json index 596b9bcb8e5..151dd6ead1e 100644 --- a/2018/11xxx/CVE-2018-11989.json +++ b/2018/11xxx/CVE-2018-11989.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14036.json b/2018/14xxx/CVE-2018-14036.json index 7a0a65cd4be..755dc190757 100644 --- a/2018/14xxx/CVE-2018-14036.json +++ b/2018/14xxx/CVE-2018-14036.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2018/07/02/2", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2018/07/02/2" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=107085", - "refsource" : "MISC", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=107085" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1099699", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1099699" - }, - { - "name" : "https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a", - "refsource" : "MISC", - "url" : "https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a" - }, - { - "name" : "104757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a", + "refsource": "MISC", + "url": "https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2018/07/02/2", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2018/07/02/2" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=107085", + "refsource": "MISC", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=107085" + }, + { + "name": "104757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104757" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1099699", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1099699" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14715.json b/2018/14xxx/CVE-2018-14715.json index 6bbec7693d0..5aca9a554c2 100644 --- a/2018/14xxx/CVE-2018-14715.json +++ b/2018/14xxx/CVE-2018-14715.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-cryptogs-an-ethereum-cve-2018-14715-f63a51ac2eb9", - "refsource" : "MISC", - "url" : "https://medium.com/@jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-cryptogs-an-ethereum-cve-2018-14715-f63a51ac2eb9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-cryptogs-an-ethereum-cve-2018-14715-f63a51ac2eb9", + "refsource": "MISC", + "url": "https://medium.com/@jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-cryptogs-an-ethereum-cve-2018-14715-f63a51ac2eb9" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14936.json b/2018/14xxx/CVE-2018-14936.json index 1b2def2cae0..7224a33e22a 100644 --- a/2018/14xxx/CVE-2018-14936.json +++ b/2018/14xxx/CVE-2018-14936.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Add page option in my little forum 2.4.12 allows XSS via the Title field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owendarlene.com/stored-xss-my-little-forum/", - "refsource" : "MISC", - "url" : "http://owendarlene.com/stored-xss-my-little-forum/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Add page option in my little forum 2.4.12 allows XSS via the Title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owendarlene.com/stored-xss-my-little-forum/", + "refsource": "MISC", + "url": "http://owendarlene.com/stored-xss-my-little-forum/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14971.json b/2018/14xxx/CVE-2018-14971.json index 8caaa303431..978bf298e90 100644 --- a/2018/14xxx/CVE-2018-14971.json +++ b/2018/14xxx/CVE-2018-14971.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/QCMS/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/QCMS/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/QCMS/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/QCMS/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15019.json b/2018/15xxx/CVE-2018-15019.json index bb8013f2875..78f8d238308 100644 --- a/2018/15xxx/CVE-2018-15019.json +++ b/2018/15xxx/CVE-2018-15019.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15019", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15019", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15168.json b/2018/15xxx/CVE-2018-15168.json index db1ef8da345..2aab7152f4e 100644 --- a/2018/15xxx/CVE-2018-15168.json +++ b/2018/15xxx/CVE-2018-15168.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/x-f1v3/ForCve/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/x-f1v3/ForCve/issues/2" - }, - { - "name" : "https://www.manageengine.com/products/applications_manager/issues.html", - "refsource" : "MISC", - "url" : "https://www.manageengine.com/products/applications_manager/issues.html" - }, - { - "name" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/applications_manager/issues.html", + "refsource": "MISC", + "url": "https://www.manageengine.com/products/applications_manager/issues.html" + }, + { + "name": "https://github.com/x-f1v3/ForCve/issues/2", + "refsource": "MISC", + "url": "https://github.com/x-f1v3/ForCve/issues/2" + }, + { + "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15675.json b/2018/15xxx/CVE-2018-15675.json index c23532ca74f..73b78cc753b 100644 --- a/2018/15xxx/CVE-2018-15675.json +++ b/2018/15xxx/CVE-2018-15675.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15755.json b/2018/15xxx/CVE-2018-15755.json index 8e7bb7fb701..24d3d4f3ece 100644 --- a/2018/15xxx/CVE-2018-15755.json +++ b/2018/15xxx/CVE-2018-15755.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-10-02T07:00:00.000Z", - "ID" : "CVE-2018-15755", - "STATE" : "PUBLIC", - "TITLE" : "CF networking internal policy server SQL injection" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : " CF Networking Release", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2.11.0", - "version_value" : "2.16.0" - } - ] - } - } - ] - }, - "vendor_name" : "Cloud Foundry" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 6.6, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-10-02T07:00:00.000Z", + "ID": "CVE-2018-15755", + "STATE": "PUBLIC", + "TITLE": "CF networking internal policy server SQL injection" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": " CF Networking Release", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.11.0", + "version_value": "2.16.0" + } + ] + } + } + ] + }, + "vendor_name": "Cloud Foundry" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/blog/cve-2018-15755/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/blog/cve-2018-15755/" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/blog/cve-2018-15755/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2018-15755/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20240.json b/2018/20xxx/CVE-2018-20240.json index 14dc06bde6a..0a55bb52ed3 100644 --- a/2018/20xxx/CVE-2018-20240.json +++ b/2018/20xxx/CVE-2018-20240.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2019-02-15T00:00:00", - "ID" : "CVE-2018-20240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fisheye and Crucible", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "4.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-02-15T00:00:00", + "ID": "CVE-2018-20240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fisheye and Crucible", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8381", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CRUC-8381" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-7163", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-7163" - }, - { - "name" : "107128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/FE-7163", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-7163" + }, + { + "name": "107128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107128" + }, + { + "name": "https://jira.atlassian.com/browse/CRUC-8381", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CRUC-8381" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20481.json b/2018/20xxx/CVE-2018-20481.json index 78b0cc3742a..9f0418f8c72 100644 --- a/2018/20xxx/CVE-2018-20481.json +++ b/2018/20xxx/CVE-2018-20481.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html" - }, - { - "name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/692", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/692" - }, - { - "name" : "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143" - }, - { - "name" : "USN-3865-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3865-1/" - }, - { - "name" : "106321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.freedesktop.org/poppler/poppler/issues/692", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/692" + }, + { + "name": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143" + }, + { + "name": "USN-3865-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3865-1/" + }, + { + "name": "[debian-lts-announce] 20190308 [SECURITY] [DLA 1706-1] poppler security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html" + }, + { + "name": "106321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106321" + } + ] + } +} \ No newline at end of file