From ac05b0112d32cbb081499acdbb9b346c015fef5e Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:27:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0069.json | 210 ++++++++++++++--------------- 2002/0xxx/CVE-2002-0427.json | 150 ++++++++++----------- 2002/0xxx/CVE-2002-0463.json | 150 ++++++++++----------- 2002/0xxx/CVE-2002-0605.json | 180 ++++++++++++------------- 2002/0xxx/CVE-2002-0851.json | 140 +++++++++---------- 2002/0xxx/CVE-2002-0882.json | 170 ++++++++++++------------ 2002/1xxx/CVE-2002-1283.json | 150 ++++++++++----------- 2002/1xxx/CVE-2002-1355.json | 140 +++++++++---------- 2002/1xxx/CVE-2002-1550.json | 130 +++++++++--------- 2002/1xxx/CVE-2002-1571.json | 160 +++++++++++----------- 2002/1xxx/CVE-2002-1720.json | 140 +++++++++---------- 2002/1xxx/CVE-2002-1732.json | 190 +++++++++++++------------- 2002/1xxx/CVE-2002-1756.json | 140 +++++++++---------- 2002/2xxx/CVE-2002-2053.json | 150 ++++++++++----------- 2002/2xxx/CVE-2002-2289.json | 160 +++++++++++----------- 2003/0xxx/CVE-2003-0483.json | 120 ++++++++--------- 2003/0xxx/CVE-2003-0528.json | 210 ++++++++++++++--------------- 2003/0xxx/CVE-2003-0571.json | 34 ++--- 2003/0xxx/CVE-2003-0811.json | 34 ++--- 2005/1xxx/CVE-2005-1147.json | 150 ++++++++++----------- 2009/1xxx/CVE-2009-1475.json | 34 ++--- 2009/5xxx/CVE-2009-5149.json | 150 ++++++++++----------- 2012/0xxx/CVE-2012-0186.json | 130 +++++++++--------- 2012/1xxx/CVE-2012-1272.json | 34 ++--- 2012/1xxx/CVE-2012-1438.json | 130 +++++++++--------- 2012/3xxx/CVE-2012-3152.json | 220 +++++++++++++++--------------- 2012/3xxx/CVE-2012-3225.json | 150 ++++++++++----------- 2012/3xxx/CVE-2012-3350.json | 170 ++++++++++++------------ 2012/3xxx/CVE-2012-3866.json | 180 ++++++++++++------------- 2012/4xxx/CVE-2012-4003.json | 150 ++++++++++----------- 2012/4xxx/CVE-2012-4566.json | 180 ++++++++++++------------- 2012/4xxx/CVE-2012-4851.json | 150 ++++++++++----------- 2012/4xxx/CVE-2012-4919.json | 34 ++--- 2017/2xxx/CVE-2017-2776.json | 34 ++--- 2017/2xxx/CVE-2017-2877.json | 122 
++++++++--------- 2017/6xxx/CVE-2017-6277.json | 132 +++++++++--------- 2017/6xxx/CVE-2017-6407.json | 140 +++++++++---------- 2017/7xxx/CVE-2017-7050.json | 140 +++++++++---------- 2017/7xxx/CVE-2017-7546.json | 236 ++++++++++++++++----------------- 2017/7xxx/CVE-2017-7578.json | 120 ++++++++--------- 2017/7xxx/CVE-2017-7926.json | 130 +++++++++--------- 2018/10xxx/CVE-2018-10105.json | 34 ++--- 2018/10xxx/CVE-2018-10266.json | 120 ++++++++--------- 2018/10xxx/CVE-2018-10416.json | 34 ++--- 2018/14xxx/CVE-2018-14240.json | 34 ++--- 2018/14xxx/CVE-2018-14272.json | 130 +++++++++--------- 2018/14xxx/CVE-2018-14513.json | 120 ++++++++--------- 2018/14xxx/CVE-2018-14691.json | 120 ++++++++--------- 2018/14xxx/CVE-2018-14781.json | 132 +++++++++--------- 2018/14xxx/CVE-2018-14793.json | 132 +++++++++--------- 2018/15xxx/CVE-2018-15098.json | 34 ++--- 2018/15xxx/CVE-2018-15229.json | 34 ++--- 2018/15xxx/CVE-2018-15837.json | 34 ++--- 2018/20xxx/CVE-2018-20218.json | 34 ++--- 2018/20xxx/CVE-2018-20318.json | 120 ++++++++--------- 2018/20xxx/CVE-2018-20732.json | 130 +++++++++--------- 2018/9xxx/CVE-2018-9133.json | 130 +++++++++--------- 2018/9xxx/CVE-2018-9462.json | 34 ++--- 58 files changed, 3540 insertions(+), 3540 deletions(-) diff --git a/2002/0xxx/CVE-2002-0069.json b/2002/0xxx/CVE-2002-0069.json index 46f6ef48e53..9581b4347ba 100644 --- a/2002/0xxx/CVE-2002-0069.json +++ b/2002/0xxx/CVE-2002-0069.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/" - }, - { - "name" : "RHSA-2002:029", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-029.html" - }, - { - "name" : "20020221 Squid HTTP Proxy Security Update Advisory 2002:1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101431040422095&w=2" - }, - { - "name" : "20020222 TSLSA-2002-0031 - squid", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101443252627021&w=2" - }, - { - "name" : "MDKSA-2002:016", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php" - }, - { - "name" : "CSSA-2002-SCO.7", - "refsource" : "CALDERA", - "url" : 
"http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html" - }, - { - "name" : "CLA-2002:464", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464" - }, - { - "name" : "FreeBSD-SA-02:12", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc" - }, - { - "name" : "squid-snmp-dos(8260)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8260.php" - }, - { - "name" : "4146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/" + }, + { + "name": "CLA-2002:464", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464" + }, + { + "name": "MDKSA-2002:016", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php" + }, + { + "name": "20020222 TSLSA-2002-0031 - squid", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101443252627021&w=2" + }, + { + "name": "FreeBSD-SA-02:12", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc" + }, + { + "name": "CSSA-2002-SCO.7", + "refsource": "CALDERA", + "url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html" + }, + { + "name": "squid-snmp-dos(8260)", + "refsource": "XF", + 
"url": "http://www.iss.net/security_center/static/8260.php" + }, + { + "name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101431040422095&w=2" + }, + { + "name": "RHSA-2002:029", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-029.html" + }, + { + "name": "4146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4146" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0427.json b/2002/0xxx/CVE-2002-0427.json index f749f7cea39..194f93c99c9 100644 --- a/2002/0xxx/CVE-2002-0427.json +++ b/2002/0xxx/CVE-2002-0427.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2002:021", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-021.php" - }, - { - "name" : "FreeBSD-SA-02:17", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:17.mod_frontpage.asc" - }, - { - "name" : "4251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4251" - }, - { - "name" : "apache-modfrontpage-bo(8400)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8400.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4251" + }, + { + "name": "apache-modfrontpage-bo(8400)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8400.php" + }, + { + "name": "MDKSA-2002:021", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-021.php" + }, + { + "name": "FreeBSD-SA-02:17", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:17.mod_frontpage.asc" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0463.json b/2002/0xxx/CVE-2002-0463.json index 32f7e22d2bc..cf06a2c5929 100644 --- a/2002/0xxx/CVE-2002-0463.json +++ b/2002/0xxx/CVE-2002-0463.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020319 Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/262802" - }, - { - "name" : "20020316 [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/262652" - }, - { - "name" : "4307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4307" - }, - { - "name" : "arsc-language-path-disclosure(8472)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8472.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "arsc-language-path-disclosure(8472)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8472.php" + }, + { + "name": "20020319 Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/262802" + }, + { + "name": "4307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4307" + }, + { + "name": "20020316 [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/262652" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0605.json b/2002/0xxx/CVE-2002-0605.json index 58ddda6954e..d576efa65aa 100644 --- a/2002/0xxx/CVE-2002-0605.json +++ b/2002/0xxx/CVE-2002-0605.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020503 Macromedia Flash Activex Buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102039374017185&w=2" - }, - { - "name" : "20020503 Macromedia Flash Activex Buffer overflow", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=102038919414726&w=2" - }, - { - "name" : "20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html" - }, - { - "name" : "http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm" - }, - { - "name" : "flash-activex-movie-bo(8993)", - "refsource" : 
"XF", - "url" : "http://www.iss.net/security_center/static/8993.php" - }, - { - "name" : "4664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4664" - }, - { - "name" : "5177", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4664" + }, + { + "name": "20020503 Macromedia Flash Activex Buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102039374017185&w=2" + }, + { + "name": "20020503 Macromedia Flash Activex Buffer overflow", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=102038919414726&w=2" + }, + { + "name": "20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html" + }, + { + "name": "http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm" + }, + { + "name": "5177", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5177" + }, + { + "name": "flash-activex-movie-bo(8993)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8993.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0851.json b/2002/0xxx/CVE-2002-0851.json index 885269ec1a4..ac167416af8 100644 --- a/2002/0xxx/CVE-2002-0851.json 
+++ b/2002/0xxx/CVE-2002-0851.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020809 Local Root Exploit", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html" - }, - { - "name" : "isdn4linux-ipppd-format-string(9811)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9811.php" - }, - { - "name" : "5437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux 
(i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "isdn4linux-ipppd-format-string(9811)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9811.php" + }, + { + "name": "20020809 Local Root Exploit", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html" + }, + { + "name": "5437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5437" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0882.json b/2002/0xxx/CVE-2002-0882.json index 675764e2b34..2482508538c 100644 --- a/2002/0xxx/CVE-2002-0882.json +++ b/2002/0xxx/CVE-2002-0882.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020522 Multiple Vulnerabilities in CISCO VoIP Phones", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/273673" - }, - { - "name" : "20020522 Multiple Vulnerabilities in Cisco IP Telephones", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml" - }, - { - "name" : "4794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4794" - }, - { - "name" : "cisco-ipphone-portinformation(9143)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9143.php" - }, - { - "name" : 
"cisco-ipphone-streamingstatistics-dos(9142)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9142.php" - }, - { - "name" : "4798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020522 Multiple Vulnerabilities in CISCO VoIP Phones", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/273673" + }, + { + "name": "4794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4794" + }, + { + "name": "20020522 Multiple Vulnerabilities in Cisco IP Telephones", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml" + }, + { + "name": "4798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4798" + }, + { + "name": "cisco-ipphone-streamingstatistics-dos(9142)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9142.php" + }, + { + "name": "cisco-ipphone-portinformation(9143)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9143.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1283.json b/2002/1xxx/CVE-2002-1283.json index f2d63daab11..ae51183baa6 100644 --- a/2002/1xxx/CVE-2002-1283.json +++ b/2002/1xxx/CVE-2002-1283.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021111 NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103703760321408&w=2" - }, - { - "name" : "http://support.novell.com/servlet/tidfinder/2963651", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/servlet/tidfinder/2963651" - }, - { - "name" : "6154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6154" - }, - { - "name" : "novell-imanager-dnattribute-dos(44969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "novell-imanager-dnattribute-dos(44969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44969" + }, + { + "name": "6154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6154" + }, + { + "name": "20021111 NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103703760321408&w=2" + }, + { + "name": "http://support.novell.com/servlet/tidfinder/2963651", + "refsource": "CONFIRM", + "url": "http://support.novell.com/servlet/tidfinder/2963651" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1355.json b/2002/1xxx/CVE-2002-1355.json index 36f7910af6b..16b1717df03 100644 --- a/2002/1xxx/CVE-2002-1355.json +++ b/2002/1xxx/CVE-2002-1355.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00007.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00007.html" - }, - { - "name" : "http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-bgp.c.diff?r1=1.68&r2=1.69", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-bgp.c.diff?r1=1.68&r2=1.69" - }, - { - "name" : "RHSA-2002:290", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-290.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer signedness errors in the BGP dissector in 
Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2002:290", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-290.html" + }, + { + "name": "http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-bgp.c.diff?r1=1.68&r2=1.69", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-bgp.c.diff?r1=1.68&r2=1.69" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00007.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00007.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1550.json b/2002/1xxx/CVE-2002-1550.json index bee37d50eb1..df2e8c8d984 100644 --- a/2002/1xxx/CVE-2002-1550.json +++ b/2002/1xxx/CVE-2002-1550.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1550",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1550",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "IY34617",
- "refsource" : "AIXAPAR",
- "url" : "http://archives.neohapsis.com/archives/aix/2002-q4/0002.html"
- },
- {
- "name" : "8802",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/8802"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "IY34617",
+ "refsource": "AIXAPAR",
+ "url": "http://archives.neohapsis.com/archives/aix/2002-q4/0002.html"
+ },
+ {
+ "name": "8802",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/8802"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1571.json b/2002/1xxx/CVE-2002-1571.json
index 77e55b5a16b..c4363cbe61e 100644
--- a/2002/1xxx/CVE-2002-1571.json
+++ b/2002/1xxx/CVE-2002-1571.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20020417 SSE related security hole", - "refsource" : "MLIST", - "url" : "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html" - }, - { - "name" : "[linux-kernel] 20020417 Re: SSE related security hole", - "refsource" : "MLIST", - "url" : "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html" - }, - { - "name" : "[linux-kernel] 20020418 Re: SSE related security hole", - "refsource" : "MLIST", - "url" : "http://search.luky.org/linux-kernel.2002/msg24003.html" - }, - { - "name" : "[linux-kernel] 20020422 Re: SSE related security hole", - "refsource" : "MLIST", - "url" : "http://search.luky.org/linux-kernel.2002/msg24992.html" - }, - { - "name" : 
"http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[linux-kernel] 20020418 Re: SSE related security hole", + "refsource": "MLIST", + "url": "http://search.luky.org/linux-kernel.2002/msg24003.html" + }, + { + "name": "[linux-kernel] 20020417 Re: SSE related security hole", + "refsource": "MLIST", + "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0760.html" + }, + { + "name": "[linux-kernel] 20020422 Re: SSE related security hole", + "refsource": "MLIST", + "url": "http://search.luky.org/linux-kernel.2002/msg24992.html" + }, + { + "name": "[linux-kernel] 20020417 SSE related security hole", + "refsource": "MLIST", + "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-15/0628.html" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/i387.c@1.6" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1720.json b/2002/1xxx/CVE-2002-1720.json index 1b0a66e6a80..50fdca3700e 100644 --- a/2002/1xxx/CVE-2002-1720.json +++ b/2002/1xxx/CVE-2002-1720.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1720",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password field."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1720",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.securiteam.com/windowsntfocus/5VP030K75G.html",
- "refsource" : "MISC",
- "url" : "http://www.securiteam.com/windowsntfocus/5VP030K75G.html"
- },
- {
- "name" : "spooky-login-sql-injection(8991)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8991"
- },
- {
- "name" : "4661",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4661"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "4661",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4661"
+ },
+ {
+ "name": "spooky-login-sql-injection(8991)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8991"
+ },
+ {
+ "name": "http://www.securiteam.com/windowsntfocus/5VP030K75G.html",
+ "refsource": "MISC",
+ "url": "http://www.securiteam.com/windowsntfocus/5VP030K75G.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1732.json b/2002/1xxx/CVE-2002-1732.json
index a64b894619d..27f39fa617f 100644
--- a/2002/1xxx/CVE-2002-1732.json
+++ b/2002/1xxx/CVE-2002-1732.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060720 vendor ack/fix: Actinic Catalog Unspecified .pl Files XSS (fwd)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-July/000929.html" - }, - { - "name" : "4042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4042" - }, - { - "name" : "27095", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27095" - }, - { - "name" : "27096", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27096" - }, - { - "name" : "27097", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27097" - }, - { - "name" : "27098", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/27098" - }, - { - "name" : "1003502", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003502" - }, - { - "name" : "actinic-html-tags-css(8180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "actinic-html-tags-css(8180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8180" + }, + { + "name": "1003502", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003502" + }, + { + "name": "27095", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27095" + }, + { + "name": "20060720 vendor ack/fix: Actinic Catalog Unspecified .pl Files XSS (fwd)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-July/000929.html" + }, + { + "name": "27097", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27097" + }, + { + "name": "4042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4042" + }, + { + "name": "27098", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27098" + }, + { + "name": "27096", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27096" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1756.json b/2002/1xxx/CVE-2002-1756.json index 8c22633f254..d0b908289ce 100644 
--- a/2002/1xxx/CVE-2002-1756.json +++ b/2002/1xxx/CVE-2002-1756.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the file properties of the file are viewed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020510 Possible Buffer Overflow in ACDSee 4.0", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/271963" - }, - { - "name" : "4719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4719" - }, - { - "name" : "acdsee-ais-description-bo(9052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the 
file properties of the file are viewed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020510 Possible Buffer Overflow in ACDSee 4.0", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/271963" + }, + { + "name": "acdsee-ais-description-bo(9052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9052" + }, + { + "name": "4719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4719" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2053.json b/2002/2xxx/CVE-2002-2053.json index 7d445fd915b..ecdf3dae3da 100644 --- a/2002/2xxx/CVE-2002-2053.json +++ b/2002/2xxx/CVE-2002-2053.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020605 Three possible DoS attacks against some IOS versions.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0027.html" - }, - { - "name" : "20020606 Re: Three possible DoS attacks against some IOS versions.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0050.html" - }, - { - "name" : "4949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4949" - }, - { - "name" : "cisco-ios-hsrp-loop-dos(9283)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9283.php" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020605 Three possible DoS attacks against some IOS versions.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0027.html" + }, + { + "name": "4949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4949" + }, + { + "name": "20020606 Re: Three possible DoS attacks against some IOS versions.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0050.html" + }, + { + "name": "cisco-ios-hsrp-loop-dos(9283)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9283.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2289.json b/2002/2xxx/CVE-2002-2289.json index 8af5e2a9e22..d2b7bf2e625 100644 --- a/2002/2xxx/CVE-2002-2289.json +++ b/2002/2xxx/CVE-2002-2289.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021124 BadBlue XSS/Information Disclosure Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0329.html" - }, - { - "name" : "20021124 BadBlue XSS/Information Disclosure Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/300992" - }, - { - "name" : "6243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6243" - }, - { - "name" : "3243", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3243" - }, - { - "name" : "badblue-soinfo-odbc-passwords(10690)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "badblue-soinfo-odbc-passwords(10690)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10690" + }, + { + "name": "6243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6243" + }, + { + "name": "20021124 BadBlue XSS/Information Disclosure Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0329.html" + }, + { + "name": "20021124 BadBlue XSS/Information Disclosure Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/300992" + }, + { + "name": "3243", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3243" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0483.json b/2003/0xxx/CVE-2003-0483.json index 39114c6b12f..c162bfec150 100644 --- a/2003/0xxx/CVE-2003-0483.json +++ b/2003/0xxx/CVE-2003-0483.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0483",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0483",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030623 Many XSS Vulnerabilities in XMB Forum.",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105638720409307&w=2"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030623 Many XSS Vulnerabilities in XMB Forum.",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105638720409307&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0528.json b/2003/0xxx/CVE-2003-0528.json
index 4ecbb0aed50..483b1a4f8e7 100644
--- a/2003/0xxx/CVE-2003-0528.json
+++ b/2003/0xxx/CVE-2003-0528.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030911 NSFOCUS SA2003-06 : Microsoft Windows RPC DCOM Interface Heap Overflow Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0100.html" - }, - { - "name" : "http://www.nsfocus.com/english/homepage/research/0306.htm", - "refsource" : "MISC", - "url" : "http://www.nsfocus.com/english/homepage/research/0306.htm" - }, - { - "name" : "20030920 The Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106407417011430&w=2" - }, - { - "name" : 
"MS03-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039" - }, - { - "name" : "CA-2003-23", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-23.html" - }, - { - "name" : "VU#254236", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/254236" - }, - { - "name" : "oval:org.mitre.oval:def:127", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A127" - }, - { - "name" : "oval:org.mitre.oval:def:2884", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2884" - }, - { - "name" : "oval:org.mitre.oval:def:2968", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2968" - }, - { - "name" : "oval:org.mitre.oval:def:3966", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2003-23", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-23.html" + }, + { + "name": "oval:org.mitre.oval:def:2884", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2884" + }, + { + "name": "http://www.nsfocus.com/english/homepage/research/0306.htm", + "refsource": "MISC", + "url": "http://www.nsfocus.com/english/homepage/research/0306.htm" + }, + { + "name": "oval:org.mitre.oval:def:127", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A127" + }, + { + "name": "20030920 The Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106407417011430&w=2" + }, + { + "name": "oval:org.mitre.oval:def:3966", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3966" + }, + { + "name": "oval:org.mitre.oval:def:2968", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2968" + }, + { + "name": "20030911 NSFOCUS SA2003-06 : Microsoft Windows RPC DCOM Interface Heap Overflow Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0100.html" + }, + { + "name": "MS03-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039" + }, + { + "name": "VU#254236", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/254236" + } + ] + } +} \ No newline at end of file 
diff --git a/2003/0xxx/CVE-2003-0571.json b/2003/0xxx/CVE-2003-0571.json
index ea71315565a..33602c88455 100644
--- a/2003/0xxx/CVE-2003-0571.json
+++ b/2003/0xxx/CVE-2003-0571.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0571",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2003-0571",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0811.json b/2003/0xxx/CVE-2003-0811.json
index 2cc06eefd47..124d77108b2 100644
--- a/2003/0xxx/CVE-2003-0811.json
+++ b/2003/0xxx/CVE-2003-0811.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0811",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0811",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1147.json b/2005/1xxx/CVE-2005-1147.json
index 4ba4bcf85c1..fd1cff0a14e 100644
--- a/2005/1xxx/CVE-2005-1147.json
+++ b/2005/1xxx/CVE-2005-1147.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.snkenjoi.com/secadv/secadv3.txt", - "refsource" : "MISC", - "url" : "http://www.snkenjoi.com/secadv/secadv3.txt" - }, - { - "name" : "15546", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15546" - }, - { - "name" : "1013705", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013705" - }, - { - "name" : "calendarscript-path-disclosure(20102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive 
information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15546", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15546" + }, + { + "name": "1013705", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013705" + }, + { + "name": "http://www.snkenjoi.com/secadv/secadv3.txt", + "refsource": "MISC", + "url": "http://www.snkenjoi.com/secadv/secadv3.txt" + }, + { + "name": "calendarscript-path-disclosure(20102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20102" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1475.json b/2009/1xxx/CVE-2009-1475.json index 3308ea3bb87..eff2534e2bb 100644 --- a/2009/1xxx/CVE-2009-1475.json +++ b/2009/1xxx/CVE-2009-1475.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1475", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1475", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5149.json b/2009/5xxx/CVE-2009-5149.json index 4b42e52e297..3f3355144ed 100644 --- a/2009/5xxx/CVE-2009-5149.json +++ b/2009/5xxx/CVE-2009-5149.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a \"password of the day\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-5149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.borfast.com/projects/arris-password-of-the-day-generator/", - "refsource" : "MISC", - "url" : "http://www.borfast.com/projects/arris-password-of-the-day-generator/" - }, - { - "name" : "https://github.com/borfast/arrispwgen", - "refsource" : "MISC", - "url" : "https://github.com/borfast/arrispwgen" - }, - { - "name" : "https://play.google.com/store/apps/details?id=me.harrygonzalez.arrispod", - "refsource" : "MISC", - "url" : "https://play.google.com/store/apps/details?id=me.harrygonzalez.arrispod" - }, - { - "name" : "VU#419568", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/419568" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a \"password of the day\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.borfast.com/projects/arris-password-of-the-day-generator/", + "refsource": "MISC", + "url": "http://www.borfast.com/projects/arris-password-of-the-day-generator/" + }, + { + "name": "VU#419568", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/419568" + }, + { + "name": "https://github.com/borfast/arrispwgen", + "refsource": "MISC", + "url": "https://github.com/borfast/arrispwgen" + }, + { + "name": "https://play.google.com/store/apps/details?id=me.harrygonzalez.arrispod", + "refsource": "MISC", + "url": "https://play.google.com/store/apps/details?id=me.harrygonzalez.arrispod" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0186.json b/2012/0xxx/CVE-2012-0186.json index cfef0e67b1c..078ae541879 100644 --- a/2012/0xxx/CVE-2012-0186.json +++ b/2012/0xxx/CVE-2012-0186.json 
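Review bot: The only value that changes in CVE-2009-5149.json is `"ASSIGNER": "cert@cert.org"` (previously `cve@mitre.org`), but it sits inside a 77-line rewrite caused by the ` : ` to `: ` separator change and by the reshuffled `reference_data` entries (`VU#419568` moves from last to second with no content change). Anyone auditing this feed for provenance changes has to compare the record field by field to find it. Keeping `reference_data` in a stable order and landing the formatting change separately from data changes would make an assigner reassignment reviewable. The same applies to the CVE-2012-0186 (`psirt@us.ibm.com`), CVE-2012-3152 and CVE-2012-3225 (both `secalert_us@oracle.com`) hunks.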
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21575642", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21575642" - }, - { - "name" : "lotusexpeditor-ehelp-dir-traversal(72096)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21575642", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21575642" + }, + { + "name": "lotusexpeditor-ehelp-dir-traversal(72096)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72096" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1272.json b/2012/1xxx/CVE-2012-1272.json index d977a0aed35..e495e3eccc6 100644 --- a/2012/1xxx/CVE-2012-1272.json +++ b/2012/1xxx/CVE-2012-1272.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1272", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1272", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1438.json b/2012/1xxx/CVE-2012-1438.json index d0e4e0b1738..f7c1cfeda51 100644 --- a/2012/1xxx/CVE-2012-1438.json +++ b/2012/1xxx/CVE-2012-1438.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Office parser implementations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Office file 
parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Office parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3152.json b/2012/3xxx/CVE-2012-3152.json index fb662ca2508..6d44c285873 100644 --- a/2012/3xxx/CVE-2012-3152.json +++ b/2012/3xxx/CVE-2012-3152.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31253", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31253" - }, - { - "name" : "20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jan/186" - }, - { - "name" : "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/", - "refsource" : "MISC", - "url" : "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/" - }, - { - "name" : "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/", - "refsource" : "MISC", - "url" : "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/" - }, - { - "name" : "http://www.youtube.com/watch?v=NinvMDOj7sM", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=NinvMDOj7sM" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "55955", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55955" - }, - { - "name" : "86394", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/86394" - }, 
- { - "name" : "86395", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/86395" - }, - { - "name" : "fusionmiddleware-reports-cve20123152(79295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/", + "refsource": "MISC", + "url": "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/" + }, + { + "name": "31253", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31253" + }, + { + "name": "86394", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/86394" + }, + { + "name": "55955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55955" + }, + { + "name": "86395", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/86395" + }, + { + "name": "http://www.youtube.com/watch?v=NinvMDOj7sM", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=NinvMDOj7sM" + }, + { + "name": "20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jan/186" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "fusionmiddleware-reports-cve20123152(79295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79295" + }, + { + "name": "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/", + "refsource": "MISC", + "url": "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/3xxx/CVE-2012-3225.json b/2012/3xxx/CVE-2012-3225.json index de553d7197d..8ecf89493c6 100644 --- a/2012/3xxx/CVE-2012-3225.json +++ b/2012/3xxx/CVE-2012-3225.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and integrity, related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "51019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51019" - }, - { - "name" : "flexcubedirectbanking-base-cve20123225(79358)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and integrity, related to BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "51019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51019" + }, + { + "name": "flexcubedirectbanking-base-cve20123225(79358)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79358" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3350.json b/2012/3xxx/CVE-2012-3350.json index 3f88d566de8..2db08346305 100644 --- a/2012/3xxx/CVE-2012-3350.json +++ b/2012/3xxx/CVE-2012-3350.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120704 Blind SQL Injection in Webmatic", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0026.html" - }, - { - "name" : "19629", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/19629" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23096", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23096" - }, - { - "name" : "54287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54287" - }, - { - "name" : "83538", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83538" - }, - { - "name" : "webmatic-referer-sql-injection(76774)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76774" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23096", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23096" + }, + { + "name": "webmatic-referer-sql-injection(76774)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76774" + }, + { + "name": "83538", + "refsource": "OSVDB", + "url": "http://osvdb.org/83538" + }, + { + "name": "20120704 Blind SQL Injection in Webmatic", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0026.html" + }, + { + "name": "19629", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/19629" + }, + { + "name": "54287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54287" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3866.json b/2012/3xxx/CVE-2012-3866.json index 55215582a79..e73c1236e40 100644 --- a/2012/3xxx/CVE-2012-3866.json +++ b/2012/3xxx/CVE-2012-3866.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://puppetlabs.com/security/cve/cve-2012-3866/", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2012-3866/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=839135", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=839135" - }, - { - "name" : "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f", - "refsource" : "CONFIRM", - "url" : "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f" - }, - { - "name" : "DSA-2511", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2511" 
- }, - { - "name" : "openSUSE-SU-2012:0891", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" - }, - { - "name" : "USN-1506-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1506-1" - }, - { - "name" : "50014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f", + "refsource": "CONFIRM", + "url": "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f" + }, + { + "name": "DSA-2511", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2511" + }, + { + "name": "USN-1506-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1506-1" + }, + { + "name": "50014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50014" + }, + { + "name": "openSUSE-SU-2012:0891", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" + }, + { + "name": "http://puppetlabs.com/security/cve/cve-2012-3866/", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2012-3866/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=839135", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839135" + } + 
] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4003.json b/2012/4xxx/CVE-2012-4003.json index 1ee55579932..9ceeabdfbe6 100644 --- a/2012/4xxx/CVE-2012-4003.json +++ b/2012/4xxx/CVE-2012-4003.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120712 GLPI 0.83.2 CVE-2012-4002 CSRF and CVE-2012-4003 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/13/1" - }, - { - "name" : "https://forge.indepnet.net/issues/3705", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/issues/3705" - }, - { - "name" : "https://forge.indepnet.net/projects/glpi/versions/771", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/projects/glpi/versions/771" - }, - { - "name" : "MDVSA-2012:132", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forge.indepnet.net/issues/3705", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/issues/3705" + }, + { + "name": "[oss-security] 20120712 GLPI 0.83.2 CVE-2012-4002 CSRF and CVE-2012-4003 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/13/1" + }, + { + "name": "MDVSA-2012:132", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:132" + }, + { + "name": "https://forge.indepnet.net/projects/glpi/versions/771", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/projects/glpi/versions/771" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4566.json b/2012/4xxx/CVE-2012-4566.json index 6cd87bb9f33..456bfa7e90f 100644 --- a/2012/4xxx/CVE-2012-4566.json +++ b/2012/4xxx/CVE-2012-4566.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/17/7" - }, - { - "name" : "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/31/6" - }, - { - "name" : "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification", - "refsource" : "MLIST", - "url" : 
"https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html" - }, - { - "name" : "[radsecproxy] 20121025 Radsecproxy 1.6.1 is out", - "refsource" : "MLIST", - "url" : "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-10/msg00001.html" - }, - { - "name" : "http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680", - "refsource" : "CONFIRM", - "url" : "http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680" - }, - { - "name" : "DSA-2573", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2573" - }, - { - "name" : "51251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[radsecproxy] 20121025 Radsecproxy 1.6.1 is out", + "refsource": "MLIST", + "url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-10/msg00001.html" + }, + { + "name": "51251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51251" + }, + { + "name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/31/6" + }, + { + "name": "DSA-2573", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2573" + }, + { + "name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification", + "refsource": "MLIST", + "url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html" + }, + { + "name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/17/7" + }, + { + "name": "http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680", + "refsource": "CONFIRM", + "url": "http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4851.json b/2012/4xxx/CVE-2012-4851.json index ee14f603f28..7ae0ac904e0 100644 --- a/2012/4xxx/CVE-2012-4851.json +++ b/2012/4xxx/CVE-2012-4851.json 
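Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this CVE-2012-4566 hunk, and the only trace of it is one line inside a 92-line whitespace and ordering rewrite. The CVE-2012-4851 hunk that follows does the same with `psirt@us.ibm.com`. Consumers that use this field to attribute a record to a CNA will see its provenance change under a commit whose subject is only "-Synchronized-Data.", so these edits would be easier to audit in a commit of their own, separate from the key-spacing normalisation. Whether the reassignment is intended cannot be told from the diff.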
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21614265", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21614265" - }, - { - "name" : "PM68643", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM68643" - }, - { - "name" : "56423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56423" - }, - { - "name" : "was-libertyprofile-xss(79541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "was-libertyprofile-xss(79541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79541" + }, + { + "name": "PM68643", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM68643" + }, + { + "name": "56423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56423" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21614265", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21614265" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4919.json b/2012/4xxx/CVE-2012-4919.json index a404e212452..0d32279b375 100644 --- a/2012/4xxx/CVE-2012-4919.json +++ b/2012/4xxx/CVE-2012-4919.json 
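Review bot: The `reference_data` array is reordered here with no entry added or removed (the XF reference moves from last to first and the CONFIRM link from first to last), and the same shuffle appears in the CVE-2012-4003 and CVE-2012-4566 hunks above and in several later ones. JSON array order is significant, so tools that diff or hash these records to detect advisory changes will flag every such file although the references are unchanged. Emitting the references in their existing order, or in one fixed sort order, would keep synchronisation diffs limited to real changes. The rewritten files also end at `}` with no trailing newline (`\ No newline at end of file`), which the old side had.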
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4919", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4919", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2776.json b/2017/2xxx/CVE-2017-2776.json index 0729b78624c..13fcbf837ca 100644 --- a/2017/2xxx/CVE-2017-2776.json +++ b/2017/2xxx/CVE-2017-2776.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2776", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2776", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2877.json b/2017/2xxx/CVE-2017-2877.json index acd6c458c16..cf9c57bab49 100644 --- a/2017/2xxx/CVE-2017-2877.json +++ b/2017/2xxx/CVE-2017-2877.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-11-13T00:00:00", - "ID" : "CVE-2017-2877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foscam C1 Indoor HD Camera", - "version" : { - "version_data" : [ - { - "version_value" : "Foscam Indoor IP Camera C1 Series,System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Report of Error Condition" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-11-13T00:00:00", + "ID": "CVE-2017-2877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foscam C1 Indoor HD Camera", + "version": { + "version_data": [ + { + "version_value": "Foscam Indoor IP Camera C1 Series,System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0384", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Report of Error Condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0384", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0384" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6277.json b/2017/6xxx/CVE-2017-6277.json index f7a262f6975..5746d6eddf6 100644 --- a/2017/6xxx/CVE-2017-6277.json 
+++ b/2017/6xxx/CVE-2017-6277.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2017-09-21T00:00:00", - "ID" : "CVE-2017-6277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2017-09-21T00:00:00", + "ID": "CVE-2017-6277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544" - }, - { - "name" : "101004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544" + }, + { + "name": "101004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101004" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6407.json b/2017/6xxx/CVE-2017-6407.json index bdc08fc2e70..ad2142d752f 100644 --- a/2017/6xxx/CVE-2017-6407.json +++ b/2017/6xxx/CVE-2017-6407.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1", - "refsource" : "CONFIRM", - "url" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1" - }, - { - "name" : "96489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96489" - }, - { - "name" : "1037950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. 
Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1", + "refsource": "CONFIRM", + "url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1" + }, + { + "name": "1037950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037950" + }, + { + "name": "96489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96489" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7050.json b/2017/7xxx/CVE-2017-7050.json index 24195fa9370..ddcd71d9e5d 100644 --- a/2017/7xxx/CVE-2017-7050.json +++ b/2017/7xxx/CVE-2017-7050.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207922", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207922" - }, - { - "name" : "99882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99882" - }, - { - "name" : "1038951", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. 
The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038951" + }, + { + "name": "99882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99882" + }, + { + "name": "https://support.apple.com/HT207922", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207922" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7546.json b/2017/7xxx/CVE-2017-7546.json index b631fea74ce..a84f95996d5 100644 --- a/2017/7xxx/CVE-2017-7546.json +++ b/2017/7xxx/CVE-2017-7546.json 
@@ -1,120 +1,120 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-08-10T00:00:00", - "ID" : "CVE-2017-7546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "postgresql", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.x before 9.2.22" - }, - { - "version_value" : "9.3.x before 9.3.18" - }, - { - "version_value" : "9.4.x before 9.4.13" - }, - { - "version_value" : "9.5.x before 9.5.8" - }, - { - "version_value" : "9.6.x before 9.6.4" - } - ] - } - } - ] - }, - "vendor_name" : "PostgreSQL" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-08-10T00:00:00", + "ID": "CVE-2017-7546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postgresql", + "version": { + "version_data": [ + { + "version_value": "9.2.x before 9.2.22" + }, + { + "version_value": "9.3.x before 9.3.18" + }, + { + "version_value": "9.4.x before 9.4.13" + }, + { + "version_value": "9.5.x before 9.5.8" + }, + { + "version_value": "9.6.x before 9.6.4" + } + ] + } + } + ] + }, + "vendor_name": "PostgreSQL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.postgresql.org/about/news/1772/", - "refsource" : "CONFIRM", - "url" : "https://www.postgresql.org/about/news/1772/" - }, - { - "name" : "DSA-3936", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3936" - }, - { - "name" : "DSA-3935", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3935" - }, - { - "name" : "GLSA-201710-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-06" - }, - { - "name" : "RHSA-2017:2860", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2860" - }, - { - "name" : "RHSA-2017:2728", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2728" - }, - { - "name" : "RHSA-2017:2677", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2677" - }, - { - "name" : "RHSA-2017:2678", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2678" - }, - { - "name" : "100278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100278" - }, - { - "name" : "1039142", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1039142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2728", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2728" + }, + { + "name": "DSA-3936", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3936" + }, + { + "name": "RHSA-2017:2678", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2678" + }, + { + "name": "RHSA-2017:2860", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2860" + }, + { + "name": "100278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100278" + }, + { + "name": "DSA-3935", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3935" + }, + { + "name": "1039142", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039142" + }, + { + "name": "https://www.postgresql.org/about/news/1772/", + "refsource": "CONFIRM", + "url": "https://www.postgresql.org/about/news/1772/" + }, + { + "name": "GLSA-201710-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-06" + }, + { + "name": "RHSA-2017:2677", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2677" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7578.json b/2017/7xxx/CVE-2017-7578.json index bbf8a63d855..5f55717e837 100644 --- a/2017/7xxx/CVE-2017-7578.json 
+++ b/2017/7xxx/CVE-2017-7578.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libming/libming/issues/68", - "refsource" : "CONFIRM", - "url" : "https://github.com/libming/libming/issues/68" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/68", + "refsource": "CONFIRM", + "url": "https://github.com/libming/libming/issues/68" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7926.json b/2017/7xxx/CVE-2017-7926.json index f83bccf80d1..a3b76b557a3 100644 --- a/2017/7xxx/CVE-2017-7926.json +++ b/2017/7xxx/CVE-2017-7926.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OSIsoft PI Web API 2017", - "version" : { - "version_data" : [ - { - "version_value" : "OSIsoft PI Web API 2017" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSIsoft PI Web API 2017", + "version": { + "version_data": [ + { + "version_value": "OSIsoft PI Web API 2017" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-03" - }, - { - "name" : "99058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). 
The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-03" + }, + { + "name": "99058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99058" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10105.json b/2018/10xxx/CVE-2018-10105.json index ddefdc1f4ba..5f20b7e1b2a 100644 --- a/2018/10xxx/CVE-2018-10105.json +++ b/2018/10xxx/CVE-2018-10105.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10105", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10105", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/10xxx/CVE-2018-10266.json b/2018/10xxx/CVE-2018-10266.json
index 37a24edc6d0..b1b1992aa3b 100644
--- a/2018/10xxx/CVE-2018-10266.json
+++ b/2018/10xxx/CVE-2018-10266.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/source-trace/beescms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/source-trace/beescms/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/source-trace/beescms/issues/1", + "refsource": "MISC", + "url": "https://github.com/source-trace/beescms/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10416.json b/2018/10xxx/CVE-2018-10416.json index 45d5ad36b62..53ba893b134 100644 --- a/2018/10xxx/CVE-2018-10416.json +++ b/2018/10xxx/CVE-2018-10416.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10416", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10416", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14240.json b/2018/14xxx/CVE-2018-14240.json index 78aba63c69a..a78766e9f57 100644 --- a/2018/14xxx/CVE-2018-14240.json +++ b/2018/14xxx/CVE-2018-14240.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14240", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14240", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14272.json b/2018/14xxx/CVE-2018-14272.json index ef4b50024f3..be889a0271a 100644 --- a/2018/14xxx/CVE-2018-14272.json +++ b/2018/14xxx/CVE-2018-14272.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6035." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-732", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-732" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6035." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-732", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-732" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14513.json b/2018/14xxx/CVE-2018-14513.json index 1d9913bb1dc..d3cebb1a50b 100644 --- a/2018/14xxx/CVE-2018-14513.json +++ b/2018/14xxx/CVE-2018-14513.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wuzhicms/wuzhicms/issues/145", - "refsource" : "MISC", - "url" : "https://github.com/wuzhicms/wuzhicms/issues/145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wuzhicms/wuzhicms/issues/145", + "refsource": "MISC", + "url": "https://github.com/wuzhicms/wuzhicms/issues/145" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14691.json b/2018/14xxx/CVE-2018-14691.json index 9fa9b1f501d..b70503a2b83 100644 --- a/2018/14xxx/CVE-2018-14691.json +++ b/2018/14xxx/CVE-2018-14691.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Subsonic 6.1.1. 
The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14781.json b/2018/14xxx/CVE-2018-14781.json index 01a4338d54e..735e0cb6f9b 100644 --- a/2018/14xxx/CVE-2018-14781.json +++ b/2018/14xxx/CVE-2018-14781.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-08T00:00:00", - "ID" : "CVE-2018-14781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Medtronic insulin pump", - "version" : { - "version_data" : [ - { - "version_value" : "MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the \"easy bolus\" and \"remote bolus\" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-08T00:00:00", + "ID": "CVE-2018-14781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Medtronic insulin pump", + "version": { + "version_data": [ + { + "version_value": "MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02" - }, - { - "name" : "105044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the \"easy bolus\" and \"remote bolus\" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02" + }, + { + "name": "105044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105044" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14793.json b/2018/14xxx/CVE-2018-14793.json index 12a3336ad00..0c500b63092 100644 --- a/2018/14xxx/CVE-2018-14793.json +++ b/2018/14xxx/CVE-2018-14793.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-16T00:00:00", - "ID" : "CVE-2018-14793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DeltaV", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-16T00:00:00", + "ID": "CVE-2018-14793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DeltaV", + "version": { + "version_data": [ + { + "version_value": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" - }, - { - "name" : "105105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit 
through an open communication port to allow arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" + }, + { + "name": "105105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105105" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15098.json b/2018/15xxx/CVE-2018-15098.json index bf5f4ecb7db..4988f4bfe71 100644 --- a/2018/15xxx/CVE-2018-15098.json +++ b/2018/15xxx/CVE-2018-15098.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15098", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15098", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15229.json b/2018/15xxx/CVE-2018-15229.json index 6f925e627ec..8d6ee666c4f 100644 --- a/2018/15xxx/CVE-2018-15229.json 
+++ b/2018/15xxx/CVE-2018-15229.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15229", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15229", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15837.json b/2018/15xxx/CVE-2018-15837.json index 8accbffab08..bfac6c53980 100644 --- a/2018/15xxx/CVE-2018-15837.json +++ b/2018/15xxx/CVE-2018-15837.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15837", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15837", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20218.json b/2018/20xxx/CVE-2018-20218.json index f2ed1216817..562457c6c8a 100644 --- a/2018/20xxx/CVE-2018-20218.json +++ b/2018/20xxx/CVE-2018-20218.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20318.json b/2018/20xxx/CVE-2018-20318.json index 2d4e59b87f2..4b061a038f2 100644 --- a/2018/20xxx/CVE-2018-20318.json +++ b/2018/20xxx/CVE-2018-20318.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20318",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20318",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/Wechat-Group/weixin-java-tools/issues/889",
- "refsource" : "MISC",
- "url" : "https://github.com/Wechat-Group/weixin-java-tools/issues/889"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/Wechat-Group/weixin-java-tools/issues/889",
+ "refsource": "MISC",
+ "url": "https://github.com/Wechat-Group/weixin-java-tools/issues/889"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20732.json b/2018/20xxx/CVE-2018-20732.json
index 5060bdeb369..48e546be40f 100644
--- a/2018/20xxx/CVE-2018-20732.json
+++ b/2018/20xxx/CVE-2018-20732.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20732",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20732",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.sas.com/kb/63/391.html",
- "refsource" : "MISC",
- "url" : "https://support.sas.com/kb/63/391.html"
- },
- {
- "name" : "106648",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106648"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106648",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106648"
+ },
+ {
+ "name": "https://support.sas.com/kb/63/391.html",
+ "refsource": "MISC",
+ "url": "https://support.sas.com/kb/63/391.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9133.json b/2018/9xxx/CVE-2018-9133.json
index bb7755ea038..0d59d2e487d 100644
--- a/2018/9xxx/CVE-2018-9133.json
+++ b/2018/9xxx/CVE-2018-9133.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9133",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9133",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/issues/1072",
- "refsource" : "MISC",
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/1072"
- },
- {
- "name" : "USN-3681-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3681-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file.
Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-3681-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3681-1/"
+ },
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1072",
+ "refsource": "MISC",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1072"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9462.json b/2018/9xxx/CVE-2018-9462.json
index 9010e48e075..5609f6a0950 100644
--- a/2018/9xxx/CVE-2018-9462.json
+++ b/2018/9xxx/CVE-2018-9462.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9462",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9462",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file