From afec2807c6b7f28cce3dbf32f64e0b4607cc7263 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 05:53:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0285.json | 140 ++++----- 2002/0xxx/CVE-2002-0405.json | 140 ++++----- 2002/0xxx/CVE-2002-0754.json | 140 ++++----- 2002/0xxx/CVE-2002-0767.json | 140 ++++----- 2002/0xxx/CVE-2002-0838.json | 290 +++++++++--------- 2002/1xxx/CVE-2002-1219.json | 290 +++++++++--------- 2002/1xxx/CVE-2002-1238.json | 160 +++++----- 2002/1xxx/CVE-2002-1600.json | 150 +++++----- 2002/1xxx/CVE-2002-1919.json | 140 ++++----- 2002/1xxx/CVE-2002-1980.json | 140 ++++----- 2002/2xxx/CVE-2002-2020.json | 140 ++++----- 2002/2xxx/CVE-2002-2078.json | 160 +++++----- 2002/2xxx/CVE-2002-2402.json | 140 ++++----- 2005/1xxx/CVE-2005-1018.json | 150 +++++----- 2005/1xxx/CVE-2005-1565.json | 180 ++++++------ 2005/1xxx/CVE-2005-1674.json | 130 ++++----- 2005/1xxx/CVE-2005-1747.json | 240 +++++++-------- 2005/1xxx/CVE-2005-1853.json | 130 ++++----- 2009/0xxx/CVE-2009-0161.json | 180 ++++++------ 2009/0xxx/CVE-2009-0584.json | 520 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1036.json | 170 +++++------ 2009/1xxx/CVE-2009-1207.json | 200 ++++++------- 2009/1xxx/CVE-2009-1423.json | 160 +++++----- 2009/1xxx/CVE-2009-1891.json | 470 ++++++++++++++--------------- 2012/0xxx/CVE-2012-0458.json | 470 ++++++++++++++--------------- 2012/0xxx/CVE-2012-0992.json | 180 ++++++------ 2012/2xxx/CVE-2012-2325.json | 150 +++++----- 2012/2xxx/CVE-2012-2564.json | 140 ++++----- 2012/3xxx/CVE-2012-3148.json | 130 ++++----- 2012/3xxx/CVE-2012-3175.json | 130 ++++----- 2012/3xxx/CVE-2012-3500.json | 260 ++++++++--------- 2012/3xxx/CVE-2012-3863.json | 170 +++++------ 2012/3xxx/CVE-2012-3882.json | 34 +-- 2012/4xxx/CVE-2012-4021.json | 150 +++++----- 2012/4xxx/CVE-2012-4265.json | 130 ++++----- 2012/4xxx/CVE-2012-4614.json | 160 +++++----- 2012/4xxx/CVE-2012-4912.json | 180 ++++++------ 2012/6xxx/CVE-2012-6076.json | 170 +++++------ 2012/6xxx/CVE-2012-6116.json | 160 +++++----- 2012/6xxx/CVE-2012-6142.json 
| 140 ++++----- 2012/6xxx/CVE-2012-6672.json | 34 +-- 2017/2xxx/CVE-2017-2112.json | 240 +++++++-------- 2017/2xxx/CVE-2017-2243.json | 140 ++++----- 2017/2xxx/CVE-2017-2460.json | 190 ++++++------ 2017/2xxx/CVE-2017-2789.json | 130 ++++----- 2017/2xxx/CVE-2017-2841.json | 130 ++++----- 2017/6xxx/CVE-2017-6217.json | 34 +-- 2017/6xxx/CVE-2017-6267.json | 132 ++++----- 2017/6xxx/CVE-2017-6315.json | 120 ++++---- 2018/11xxx/CVE-2018-11584.json | 34 +-- 2018/11xxx/CVE-2018-11633.json | 130 ++++----- 2018/11xxx/CVE-2018-11852.json | 130 ++++----- 2018/11xxx/CVE-2018-11987.json | 120 ++++---- 2018/14xxx/CVE-2018-14298.json | 130 ++++----- 2018/14xxx/CVE-2018-14481.json | 130 ++++----- 2018/14xxx/CVE-2018-14676.json | 34 +-- 2018/14xxx/CVE-2018-14690.json | 120 ++++---- 2018/14xxx/CVE-2018-14724.json | 34 +-- 2018/15xxx/CVE-2018-15212.json | 34 +-- 2018/15xxx/CVE-2018-15363.json | 130 ++++----- 2018/15xxx/CVE-2018-15378.json | 206 ++++++------- 2018/15xxx/CVE-2018-15425.json | 166 +++++------ 2018/15xxx/CVE-2018-15966.json | 140 ++++----- 2018/20xxx/CVE-2018-20010.json | 130 ++++----- 2018/20xxx/CVE-2018-20467.json | 140 ++++----- 2018/20xxx/CVE-2018-20594.json | 130 ++++----- 2018/20xxx/CVE-2018-20659.json | 120 ++++---- 2018/9xxx/CVE-2018-9746.json | 34 +-- 2018/9xxx/CVE-2018-9747.json | 34 +-- 2018/9xxx/CVE-2018-9829.json | 34 +-- 70 files changed, 5382 insertions(+), 5382 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0285.json b/2002/0xxx/CVE-2002-0285.json
index 1946838fec5..5dc244514e8 100644
--- a/2002/0xxx/CVE-2002-0285.json
+++ b/2002/0xxx/CVE-2002-0285.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Outlook Express 5.5 and 6.0 on Windows treats a carriage return (\"CR\") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020212 Outlook will see non-existing attachments", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101362077701164&w=2" - }, - { - "name" : "4092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4092" - }, - { - "name" : "outlook-express-return-bypass(8198)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8198.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Outlook Express 5.5 and 6.0 on Windows treats a carriage return (\"CR\") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "outlook-express-return-bypass(8198)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8198.php" + }, + { + "name": "4092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4092" + }, + { + "name": "20020212 Outlook will see non-existing attachments", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101362077701164&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0405.json b/2002/0xxx/CVE-2002-0405.json index afd5a095c50..f4670d8ed47 100644 --- a/2002/0xxx/CVE-2002-0405.json +++ b/2002/0xxx/CVE-2002-0405.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020527 Problems with various windows FTP servers", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/274279" - }, - { - "name" : "broker-ftp-dot-bo(6673)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6673" - }, - { - "name" : "4864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD 
command with a large number of . (dot) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4864" + }, + { + "name": "broker-ftp-dot-bo(6673)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6673" + }, + { + "name": "20020527 Problems with various windows FTP servers", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/274279" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0754.json b/2002/0xxx/CVE-2002-0754.json index 6a822276ddc..cd6b6204a6a 100644 --- a/2002/0xxx/CVE-2002-0754.json +++ b/2002/0xxx/CVE-2002-0754.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-02:07", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc" - }, - { - "name" : "3919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3919" - }, - { - "name" : "kerberos5-k5su-elevate-privileges(7956)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7956.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow 
a root-initiated process to regain its privileges after it has dropped them." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-02:07", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc" + }, + { + "name": "3919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3919" + }, + { + "name": "kerberos5-k5su-elevate-privileges(7956)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7956.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0767.json b/2002/0xxx/CVE-2002-0767.json index 781279d4602..fa6e0a36721 100644 --- a/2002/0xxx/CVE-2002-0767.json +++ b/2002/0xxx/CVE-2002-0767.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020613 simpleinit root exploit - file descriptor left open", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/276739" - }, - { - "name" : "5001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5001" - }, - { - "name" : "simpleinit-file-descriptor-open(9357)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9357.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to 
cause simpleinit to execute arbitrary programs with root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simpleinit-file-descriptor-open(9357)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9357.php" + }, + { + "name": "5001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5001" + }, + { + "name": "20020613 simpleinit root exploit - file descriptor left open", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/276739" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0838.json b/2002/0xxx/CVE-2002-0838.json index e4e03eacd69..f6e97ea53cf 100644 --- a/2002/0xxx/CVE-2002-0838.json +++ b/2002/0xxx/CVE-2002-0838.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103305615613319&w=2" - }, - { - "name" : "20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103305778615625&w=2" - }, - { - "name" : "RHSA-2002:207", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-207.html" - }, - { - "name" : "RHSA-2002:212", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2002-212.html" - }, - { - "name" : "RHSA-2002:220", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html" - }, - { - "name" : "DSA-176", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-176" - }, - { - "name" : "DSA-179", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-179" - }, - { - "name" : "DSA-182", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-182" - }, - { - "name" : "CSSA-2002-053.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt" - }, - { - "name" : "CLA-2002:542", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542" - }, - { - "name" : "MDKSA-2002:069", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:069" - }, - { - "name" : "MDKSA-2002:071", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:071" - }, - { - "name" : "20021017 GLSA: ggv", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103487806800388&w=2" - }, - { - "name" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20021008-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20021008-1.txt" - }, - { - "name" : "VU#600777", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/600777" - }, - { - "name" : "5808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5808" - }, - { - "name" : "gv-sscanf-function-bo(10201)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10201.php" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-179", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-179" + }, + { + "name": "MDKSA-2002:069", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:069" + }, + { + "name": "http://www.kde.org/info/security/advisory-20021008-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20021008-1.txt" + }, + { + "name": "CSSA-2002-053.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt" + }, + { + "name": "DSA-182", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-182" + }, + { + "name": "CLA-2002:542", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542" + }, + { + "name": "20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103305615613319&w=2" + }, + { + "name": "MDKSA-2002:071", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:071" + }, + { + "name": "5808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5808" + }, + { + "name": "DSA-176", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-176" + }, 
+ { + "name": "gv-sscanf-function-bo(10201)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10201.php" + }, + { + "name": "RHSA-2002:212", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-212.html" + }, + { + "name": "RHSA-2002:220", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-220.html" + }, + { + "name": "RHSA-2002:207", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-207.html" + }, + { + "name": "VU#600777", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/600777" + }, + { + "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security" + }, + { + "name": "20021017 GLSA: ggv", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103487806800388&w=2" + }, + { + "name": "20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103305778615625&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1219.json b/2002/1xxx/CVE-2002-1219.json index 5bbcda3c4c0..60a8719a841 100644 --- a/2002/1xxx/CVE-2002-1219.json +++ b/2002/1xxx/CVE-2002-1219.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8", - "refsource" : "ISS", - "url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469" - }, - { - "name" : "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103713117612842&w=2" - }, - { - "name" : "http://www.isc.org/products/BIND/bind-security.html", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/products/BIND/bind-security.html" - }, - { - "name" : "CA-2002-31", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-31.html" - }, - { - "name" : "VU#852283", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/852283" - }, - { - "name" : "2002-11-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html" - }, - { - "name" : "MDKSA-2002:077", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php" - }, - { - "name" : "DSA-196", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-196" - }, - { - "name" : "CLA-2002:546", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546" - }, - { - "name" : "N-013", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-013.shtml" - }, - { - "name" : "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/300019" - }, - { - "name" : "SSRT2408", - "refsource" : "COMPAQ", - "url" : "http://online.securityfocus.com/advisories/4999" - }, - { - "name" : "20021201-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P" - }, - { - "name" : "20021118 TSLSA-2002-0076 - bind", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103763574715133&w=2" - }, - { - "name" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818" - }, - { - "name" : "6160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6160" - }, - { - "name" : "oval:org.mitre.oval:def:2539", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2539" - }, - { - "name" : "bind-sig-rr-bo(10304)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2002-31", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-31.html" + }, + { + "name": "http://www.isc.org/products/BIND/bind-security.html", + "refsource": "CONFIRM", + "url": "http://www.isc.org/products/BIND/bind-security.html" + }, + { + "name": "2002-11-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html" + }, + { + "name": "20021201-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P" + }, + { + "name": "6160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6160" + }, + { + "name": "DSA-196", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-196" + }, + { + "name": "SSRT2408", + "refsource": "COMPAQ", + "url": "http://online.securityfocus.com/advisories/4999" + }, + { + "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818" + }, + { + "name": "oval:org.mitre.oval:def:2539", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2539" + }, + { + "name": "20021118 TSLSA-2002-0076 - bind", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103763574715133&w=2" + }, + { + "name": "CLA-2002:546", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546" + }, + { 
+ "name": "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/300019" + }, + { + "name": "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103713117612842&w=2" + }, + { + "name": "N-013", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-013.shtml" + }, + { + "name": "VU#852283", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/852283" + }, + { + "name": "bind-sig-rr-bo(10304)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10304" + }, + { + "name": "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8", + "refsource": "ISS", + "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469" + }, + { + "name": "MDKSA-2002:077", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1238.json b/2002/1xxx/CVE-2002-1238.json index bc55085a3d4..14496b5a2e6 100644 --- a/2002/1xxx/CVE-2002-1238.json +++ b/2002/1xxx/CVE-2002-1238.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103679016031857&w=2" - }, - { - "name" : "20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0065.html" - }, - { - "name" : "http://www.idefense.com/advisory/11.08.02a.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/11.08.02a.txt" - }, - { - "name" : "6145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6145" - }, - { - "name" : 
"simple-server-file-access(10563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6145" + }, + { + "name": "simple-server-file-access(10563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10563" + }, + { + "name": "20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0065.html" + }, + { + "name": "20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103679016031857&w=2" + }, + { + "name": "http://www.idefense.com/advisory/11.08.02a.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/11.08.02a.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1600.json b/2002/1xxx/CVE-2002-1600.json index 5a8ece4d2c5..7fb17535df3 100644 --- a/2002/1xxx/CVE-2002-1600.json +++ b/2002/1xxx/CVE-2002-1600.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#181907", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/181907" - }, - { - "name" : "3855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3855" - }, - { - "name" : "1003255", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003255" - }, - { - "name" : "myclassifieds-gain-privileges(7967)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7967.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite 
arbitrary files via the category parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "myclassifieds-gain-privileges(7967)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7967.php" + }, + { + "name": "VU#181907", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/181907" + }, + { + "name": "3855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3855" + }, + { + "name": "1003255", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003255" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1919.json b/2002/1xxx/CVE-2002-1919.json index f5e0c83d4cb..8f324ae06cc 100644 --- a/2002/1xxx/CVE-2002-1919.json +++ b/2002/1xxx/CVE-2002-1919.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020527 Re: VP-ASP shopping cart software.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0233.html" - }, - { - "name" : "20020610 Re: VP-ASP shopping cart software.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0061.html" - }, - { - "name" : "4861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication 
via the (1) username or (2) password fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4861" + }, + { + "name": "20020610 Re: VP-ASP shopping cart software.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0061.html" + }, + { + "name": "20020527 Re: VP-ASP shopping cart software.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0233.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1980.json b/2002/1xxx/CVE-2002-1980.json index ce74e813e96..fd0d8a0fb72 100644 --- a/2002/1xxx/CVE-2002-1980.json +++ b/2002/1xxx/CVE-2002-1980.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45707", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45707" - }, - { - "name" : "5207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5207" - }, - { - "name" : "solaris-vold-bo(9545)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9545.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-vold-bo(9545)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9545.php" + }, + { + "name": "45707", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45707" + }, + { + "name": "5207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5207" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2020.json b/2002/2xxx/CVE-2002-2020.json index 2341ea8107d..cd6a7710ada 100644 --- a/2002/2xxx/CVE-2002-2020.json +++ b/2002/2xxx/CVE-2002-2020.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020617 External access to Netgear RP114 \"firewall\"", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0177.html" - }, - { - "name" : "5036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5036" - }, - { - "name" : "netgear-default-external-access(9371)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9371.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on 
the external interface, which allows remote attackers to gain privileges if the password is not changed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5036" + }, + { + "name": "20020617 External access to Netgear RP114 \"firewall\"", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0177.html" + }, + { + "name": "netgear-default-external-access(9371)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9371.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2078.json b/2002/2xxx/CVE-2002-2078.json index 404d80a93a8..66dcc4dba25 100644 --- a/2002/2xxx/CVE-2002-2078.json +++ b/2002/2xxx/CVE-2002-2078.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020403 SECURITY.NNO: FTGate PRO/Office hotfixes", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html" - }, - { - "name" : "http://www.security.nnov.ru/advisories/ftgate.asp", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/advisories/ftgate.asp" - }, - { - "name" : "http://www.ftgate.com/knwldgbs/hotfix.htm", - "refsource" : "CONFIRM", - "url" : "http://www.ftgate.com/knwldgbs/hotfix.htm" - }, - { - "name" : "4427", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4427" - }, - { - "name" : "ftgate-apop-bo(8749)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8749.php" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.security.nnov.ru/advisories/ftgate.asp", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/advisories/ftgate.asp" + }, + { + "name": "4427", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4427" + }, + { + "name": "20020403 SECURITY.NNO: FTGate PRO/Office hotfixes", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html" + }, + { + "name": "ftgate-apop-bo(8749)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8749.php" + }, + { + "name": "http://www.ftgate.com/knwldgbs/hotfix.htm", + "refsource": "CONFIRM", + "url": "http://www.ftgate.com/knwldgbs/hotfix.htm" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2402.json b/2002/2xxx/CVE-2002-2402.json index 9efb16d9462..2f2015eb28a 100644 --- a/2002/2xxx/CVE-2002-2402.json +++ b/2002/2xxx/CVE-2002-2402.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SURECOM broadband router EP-4501 uses a default SNMP read community string of \"public\" and a default SNMP read/write community string of \"secret,\" which allows remote attackers to read and modify router configuration information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021113 Default SNMP community in Surecom Broadband Router", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103722782812519&w=2" - }, - { - "name" : "6176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6176" - }, - { - "name" : "surecom-default-snmp-string(10621)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10621.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SURECOM broadband router EP-4501 uses a default SNMP read community string of \"public\" and a default SNMP read/write 
community string of \"secret,\" which allows remote attackers to read and modify router configuration information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6176" + }, + { + "name": "surecom-default-snmp-string(10621)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10621.php" + }, + { + "name": "20021113 Default SNMP community in Surecom Broadband Router", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103722782812519&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1018.json b/2005/1xxx/CVE-2005-1018.json index 88e7395780e..ef8c4915392 100644 --- a/2005/1xxx/CVE-2005-1018.json +++ b/2005/1xxx/CVE-2005-1018.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050411 Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=232&type=vulnerabilities" - }, - { - "name" : "20050414 Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111351851802682&w=2" - }, - { - "name" : "20050217 RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/390760" - }, - { - "name" : 
"13102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050414 Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111351851802682&w=2" + }, + { + "name": "13102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13102" + }, + { + "name": "20050217 RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/390760" + }, + { + "name": "20050411 Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=232&type=vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1565.json b/2005/1xxx/CVE-2005-1565.json index 42d424bba0c..963b89598f3 100644 --- a/2005/1xxx/CVE-2005-1565.json +++ b/2005/1xxx/CVE-2005-1565.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050512 Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111592031902962&w=2" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=287436", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=287436" - }, - { - "name" : "CLSA-2005:1040", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040" - }, - { - "name" : "13605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13605" - }, - { - "name" : "ADV-2005-0533", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/0533" - }, - { - "name" : "16427", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16427" - }, - { - "name" : "15338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLSA-2005:1040", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040" + }, + { + "name": "20050512 Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111592031902962&w=2" + }, + { + "name": "ADV-2005-0533", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0533" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=287436", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=287436" + }, + { + "name": "15338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15338" + }, + { + "name": "16427", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16427" + }, + { + "name": "13605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13605" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1674.json b/2005/1xxx/CVE-2005-1674.json index fef9e825a09..e936b928b10 100644 --- a/2005/1xxx/CVE-2005-1674.json +++ b/2005/1xxx/CVE-2005-1674.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050517 Help Center Live Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/398457/2005-05-15/2005-05-21/0" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00076-05172005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00076-05172005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gulftech.org/?node=research&article_id=00076-05172005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00076-05172005" + }, + { + "name": "20050517 Help Center Live Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/398457/2005-05-15/2005-05-21/0" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1747.json b/2005/1xxx/CVE-2005-1747.json index 8226fdbd8f1..bdbf3c52bd6 100644 --- a/2005/1xxx/CVE-2005-1747.json +++ b/2005/1xxx/CVE-2005-1747.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111695921212456&w=2" - }, - { - "name" : "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt", - "refsource" : "MISC", - "url" : "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt" - }, - { - "name" : "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111695844803328&w=2" - }, - { - "name" : "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt", - "refsource" : "MISC", - "url" : "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt" - }, - { - "name" : "20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111722298705561&w=2" - }, - { - "name" : "http://www.appsecinc.com/resources/alerts/general/BEA-001.html", - "refsource" : "MISC", - "url" : "http://www.appsecinc.com/resources/alerts/general/BEA-001.html" - }, - { - "name" : "20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111722380313416&w=2" - }, - { - "name" : "http://www.appsecinc.com/resources/alerts/general/BEA-002.html", - 
"refsource" : "MISC", - "url" : "http://www.appsecinc.com/resources/alerts/general/BEA-002.html" - }, - { - "name" : "BEA05-80.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/130" - }, - { - "name" : "13717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13717" - }, - { - "name" : "ADV-2005-0607", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0607" - }, - { - "name" : "1014049", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014049" - }, - { - "name" : "15486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html", + "refsource": "MISC", + "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html" + }, + { + "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111695921212456&w=2" + }, + { + "name": "BEA05-80.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/130" + }, + { + "name": "15486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15486" + }, + { + "name": "20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111722380313416&w=2" + }, + { + "name": "1014049", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014049" + }, + { + "name": "ADV-2005-0607", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0607" + }, + { + "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111695844803328&w=2" + }, + { + "name": "13717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13717" + }, + { + "name": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html", + "refsource": "MISC", + "url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html" + }, + { + "name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt", + "refsource": "MISC", + "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt" + }, + { + "name": "20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability", + 
"refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111722298705561&w=2" + }, + { + "name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt", + "refsource": "MISC", + "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1853.json b/2005/1xxx/CVE-2005-1853.json index 179dddad500..f6959c6edce 100644 --- a/2005/1xxx/CVE-2005-1853.json +++ b/2005/1xxx/CVE-2005-1853.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-1853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-770", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-770" - }, - { - "name" : "1014599", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Jul/1014599.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014599", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Jul/1014599.html" + }, + { + "name": "DSA-770", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-770" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0161.json b/2009/0xxx/CVE-2009-0161.json index ec54f62d5a0..f8064e8922a 100644 --- a/2009/0xxx/CVE-2009-0161.json +++ b/2009/0xxx/CVE-2009-0161.json 
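Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `security@debian.org` in this hunk, which is a provenance change in a commit whose other edits here are spacing and entry order, and the subject `-Synchronized-Data.` gives no reason for it. The CVE-2009-0584.json hunk does the same with `secalert@redhat.com`. Anything downstream that attributes or routes records by assigner would see the value change with no audit trail, so I would put these reassignments in their own commit or name them in the message, for example `CVE-2005-1853: ASSIGNER cve@mitre.org -> security@debian.org`.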
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "34926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34926" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "macos-opensslocsp-weak-security(50592)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "34926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34926" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "macos-opensslocsp-weak-security(50592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50592" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0584.json b/2009/0xxx/CVE-2009-0584.json index c871389a740..b607c155b68 100644 --- a/2009/0xxx/CVE-2009-0584.json +++ b/2009/0xxx/CVE-2009-0584.json 
@@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090319 rPSA-2009-0050-1 ghostscript", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501994/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=261087", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=261087" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487744", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487744" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2991", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2991" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm" - }, - { - "name" : "DSA-1746", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1746" - }, - { - "name" : "FEDORA-2009-2883", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html" - }, - { - "name" : "FEDORA-2009-2885", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html" - }, - { - "name" : "FEDORA-2009-3011", - "refsource" : "FEDORA", - "url" 
: "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html" - }, - { - "name" : "FEDORA-2009-3031", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html" - }, - { - "name" : "GLSA-200903-37", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml" - }, - { - "name" : "MDVSA-2009:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" - }, - { - "name" : "MDVSA-2009:096", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" - }, - { - "name" : "RHSA-2009:0345", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0345.html" - }, - { - "name" : "262288", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "USN-743-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-743-1" - }, - { - "name" : "USN-757-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/757-1/" - }, - { - "name" : "ESB-2009.0259", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=10666" - }, - { - "name" : "34184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34184" - }, - { - "name" : "52988", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52988" - }, - { - "name" : "oval:org.mitre.oval:def:10544", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544" - }, - { - "name" : "1021868", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021868" - }, - { - "name" : "34373", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34373" 
- }, - { - "name" : "34381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34381" - }, - { - "name" : "34393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34393" - }, - { - "name" : "34398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34398" - }, - { - "name" : "34437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34437" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - }, - { - "name" : "34266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34266" - }, - { - "name" : "34443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34443" - }, - { - "name" : "34469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34469" - }, - { - "name" : "34729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34729" - }, - { - "name" : "35559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35559" - }, - { - "name" : "35569", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35569" - }, - { - "name" : "ADV-2009-0776", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0776" - }, - { - "name" : "ADV-2009-0777", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0777" - }, - { - "name" : "ADV-2009-0816", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0816" - }, - { - "name" : "ADV-2009-1708", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1708" - }, - { - "name" : "ghostscript-icclib-bo(49327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "icc.c in the International Color 
Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34381" + }, + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "34437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34437" + }, + { + "name": "34393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34393" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm" + }, + { + "name": "GLSA-200903-37", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml" + }, + { + "name": "1021868", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021868" + }, + { + "name": "34266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34266" + }, + { + "name": "34443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34443" + }, + { + "name": "FEDORA-2009-3031", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html" + }, + { + "name": "DSA-1746", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1746" + }, + { + "name": 
"52988", + "refsource": "OSVDB", + "url": "http://osvdb.org/52988" + }, + { + "name": "ESB-2009.0259", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=10666" + }, + { + "name": "ADV-2009-0776", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0776" + }, + { + "name": "oval:org.mitre.oval:def:10544", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544" + }, + { + "name": "FEDORA-2009-2885", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html" + }, + { + "name": "262288", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" + }, + { + "name": "FEDORA-2009-3011", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "34729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34729" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2991", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2991" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487744", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744" + }, + { + "name": "MDVSA-2009:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" + }, + { + "name": "ADV-2009-0816", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0816" + }, + { + "name": "34469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34469" + }, + { + "name": "35569", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35569" + }, + { + "name": "ADV-2009-1708", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1708" + }, + { + "name": "ghostscript-icclib-bo(49327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327" + }, + { + "name": "34184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34184" + }, + { + "name": "MDVSA-2009:096", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" + }, + { + "name": "35559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35559" + }, + { + "name": "34373", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34373" + }, + { + "name": "34398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34398" + }, + { + "name": "USN-757-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/757-1/" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=261087", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087" + }, + { + "name": "RHSA-2009:0345", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html" + }, + { + "name": "FEDORA-2009-2883", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html" + }, + { + "name": "ADV-2009-0777", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0777" + }, + { + "name": "20090319 rPSA-2009-0050-1 ghostscript", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded" + }, + { + "name": "USN-743-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-743-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1036.json b/2009/1xxx/CVE-2009-1036.json index 77f63f574e7..8a9dcc03e3b 100644 --- a/2009/1xxx/CVE-2009-1036.json 
+++ b/2009/1xxx/CVE-2009-1036.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/406314", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/406314" - }, - { - "name" : "http://drupal.org/node/405672", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/405672" - }, - { - "name" : "34168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34168" - }, - { - "name" : "52786", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52786" - }, - { - "name" : "34378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34378" - }, - { - "name" : "plus1-unspecified-csrf(49310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52786", + "refsource": "OSVDB", + "url": "http://osvdb.org/52786" + }, + { + "name": "34168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34168" + }, + { + "name": "http://drupal.org/node/405672", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/405672" + }, + { + "name": "plus1-unspecified-csrf(49310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49310" + }, + { + "name": "http://drupal.org/node/406314", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/406314" + }, + { + "name": "34378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34378" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1207.json b/2009/1xxx/CVE-2009-1207.json index 2e2880e0e9c..d0009377c7b 100644 --- a/2009/1xxx/CVE-2009-1207.json +++ b/2009/1xxx/CVE-2009-1207.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1", - "refsource" : "MISC", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm" - }, - { - "name" : "253468", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253468-1" - }, - { - "name" : "34316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34316" - }, - { - "name" : "oval:org.mitre.oval:def:6183", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6183" - }, - { - "name" : "34558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34558" - }, - { - "name" : "34813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34813" - }, - { - "name" : "ADV-2009-1105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1105" - }, - { - "name" : "solaris-dircmp-file-overwrite(49526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-dircmp-file-overwrite(49526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49526" + }, + { + "name": "34316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34316" + }, + { + "name": "ADV-2009-1105", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1105" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm" + }, + { + "name": "oval:org.mitre.oval:def:6183", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6183" + }, + { + "name": "34558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34558" + }, + { + "name": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1", + "refsource": "MISC", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1" + }, + { + "name": "253468", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253468-1" + }, + { + "name": "34813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34813" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1423.json b/2009/1xxx/CVE-2009-1423.json index e82eb214612..4848c71f1d2 100644 --- a/2009/1xxx/CVE-2009-1423.json +++ b/2009/1xxx/CVE-2009-1423.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02446", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2" - }, - { - "name" : "SSRT090111", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2" - }, - { - "name" : "1022536", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022536" - }, - { - "name" : "ADV-2009-1869", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1869" - }, - { - "name" : "procurve-vpn-dos(51689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "procurve-vpn-dos(51689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51689" + }, + { + "name": "ADV-2009-1869", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1869" + }, + { + "name": "SSRT090111", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2" + }, + { + "name": "1022536", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022536" + }, + { + "name": "HPSBGN02446", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1891.json b/2009/1xxx/CVE-2009-1891.json index aa617439630..b53a4cfd02c 100644 --- a/2009/1xxx/CVE-2009-1891.json +++ b/2009/1xxx/CVE-2009-1891.json 
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091113 rPSA-2009-0142-2 httpd mod_ssl", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507857/100/0/threaded" - }, - { - "name" : "[apache-httpd-dev] 20090628 mod_deflate DoS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2" - }, - { - "name" : "[apache-httpd-dev] 20090703 Re: mod_deflate DoS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=509125", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=509125" - }, - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0142", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0142" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142" - }, - { - "name" : "PK91361", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361" - }, - { - "name" : "PK99480", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "DSA-1834", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1834" - }, - { - "name" : "FEDORA-2009-8812", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html" - }, - { - "name" : "GLSA-200907-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-04.xml" - }, - { - "name" : "HPSBUX02612", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2" - }, - { - "name" : "SSRT100345", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2" - }, - { - "name" : "HPSBOV02683", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "SSRT090208", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" - }, - { - "name" : "MDVSA-2009:149", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:149" - }, - { - "name" : "RHSA-2009:1148", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1148.html" - }, - { - "name" : "RHSA-2009:1156", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1156.html" - }, - { - "name" : "SUSE-SA:2009:050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html" - }, - { - "name" : "USN-802-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-802-1" - }, - { - "name" : "55782", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55782" - }, - { - "name" : "oval:org.mitre.oval:def:8632", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632" - }, - { - "name" : "oval:org.mitre.oval:def:9248", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248" - }, - { - "name" : "oval:org.mitre.oval:def:12361", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361" - }, - { - "name" : "1022529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022529" - }, - { - "name" : "35721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35721" - }, - { - "name" : "35781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35781" - }, - { - "name" : "35793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35793" - }, - { - "name" : "35865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35865" - }, - { - "name" : "37152", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37152" - }, - { - "name" : "37221", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37221" - }, - { - "name" : "ADV-2009-1841", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1841" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[apache-httpd-dev] 20090628 mod_deflate DoS", + "refsource": "MLIST", + "url": "http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2" + }, + { + "name": "FEDORA-2009-8812", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html" + }, + { + "name": "SUSE-SA:2009:050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142" + }, + { + "name": "35781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35781" + }, + { + "name": "PK99480", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480" + }, + { + "name": "oval:org.mitre.oval:def:12361", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361" + }, + { + "name": "MDVSA-2009:149", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:149" + }, + { + "name": "PK91361", + 
"refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361" + }, + { + "name": "SSRT090208", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "RHSA-2009:1156", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1156.html" + }, + { + "name": "35865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35865" + }, + { + "name": "ADV-2009-1841", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1841" + }, + { + "name": "37152", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37152" + }, + { + "name": "1022529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022529" + }, + { + "name": "[apache-httpd-dev] 20090703 Re: mod_deflate DoS", + "refsource": "MLIST", + "url": "http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2" + }, + { + "name": "DSA-1834", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1834" + }, + { + "name": "20091113 rPSA-2009-0142-2 httpd mod_ssl", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507857/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:8632", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632" + }, + { + "name": "HPSBUX02612", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712" + }, + { + "name": "GLSA-200907-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-04.xml" + }, + { + "name": "HPSBOV02683", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0142", + "refsource": 
"CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0142" + }, + { + "name": "RHSA-2009:1148", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1148.html" + }, + { + "name": "oval:org.mitre.oval:def:9248", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248" + }, + { + "name": "USN-802-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-802-1" + }, + { + "name": "37221", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37221" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "SSRT100345", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2" + }, + { + "name": "35793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35793" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=509125", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "35721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35721" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + }, + { + "name": "55782", + "refsource": "OSVDB", + "url": "http://osvdb.org/55782" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0458.json b/2012/0xxx/CVE-2012-0458.json index 57a9f8efc29..624373bc1ae 100644 --- a/2012/0xxx/CVE-2012-0458.json +++ b/2012/0xxx/CVE-2012-0458.json 
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-16.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718203", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718203" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=719994", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=719994" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=723808", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=723808" - }, - { - "name" : "DSA-2433", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2433" - }, - { - "name" : "DSA-2458", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2458" - }, - { - "name" : "MDVSA-2012:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031" - }, - { - "name" : "MDVSA-2012:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" - }, - { - "name" : "RHSA-2012:0387", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0387.html" - }, - { - "name" : "RHSA-2012:0388", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0388.html" - }, - { - "name" : 
"openSUSE-SU-2012:0417", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" - }, - { - "name" : "SUSE-SU-2012:0424", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:0425", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" - }, - { - "name" : "USN-1400-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-3" - }, - { - "name" : "USN-1400-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-4" - }, - { - "name" : "USN-1400-5", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-5" - }, - { - "name" : "USN-1400-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-2" - }, - { - "name" : "USN-1401-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1401-1" - }, - { - "name" : "USN-1400-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-1" - }, - { - "name" : "52460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52460" - }, - { - "name" : "oval:org.mitre.oval:def:15122", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122" - }, - { - "name" : "1026804", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026804" - }, - { - "name" : "1026801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026801" - }, - { - "name" : "1026803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026803" - }, - { - "name" : "48629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48629" - }, - { - "name" : "48513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48513" - }, - { - "name" : "48495", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/48495" - }, - { - "name" : "48496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48496" - }, - { - "name" : "48553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48553" - }, - { - "name" : "48561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48561" - }, - { - "name" : "48624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48624" - }, - { - "name" : "48823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48823" - }, - { - "name" : "48920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48920" - }, - { - "name" : "48402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48402" - }, - { - "name" : "48359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48359" - }, - { - "name" : "48414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-16.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-16.html" + }, + { + "name": "openSUSE-SU-2012:0417", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" + }, + { + "name": "48402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48402" + }, + { + "name": "MDVSA-2012:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031" + }, + { + "name": "48624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48624" + }, + { + "name": "SUSE-SU-2012:0424", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" + }, + { + "name": "USN-1400-5", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-5" + }, + { + "name": "52460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52460" + }, + { + "name": "48414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48414" + }, + { + "name": "48359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48359" + }, + { + "name": "48823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48823" + }, + { + "name": "USN-1401-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1401-1" + }, + { + "name": "USN-1400-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-4" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=723808", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=723808" + }, + { + "name": "48629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48629" + }, + { + "name": 
"oval:org.mitre.oval:def:15122", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122" + }, + { + "name": "USN-1400-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-3" + }, + { + "name": "RHSA-2012:0387", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html" + }, + { + "name": "48496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48496" + }, + { + "name": "SUSE-SU-2012:0425", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=718203", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=718203" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=719994", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=719994" + }, + { + "name": "USN-1400-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-2" + }, + { + "name": "DSA-2458", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2458" + }, + { + "name": "48920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48920" + }, + { + "name": "DSA-2433", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2433" + }, + { + "name": "MDVSA-2012:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" + }, + { + "name": "1026803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026803" + }, + { + "name": "48495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48495" + }, + { + "name": "48553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48553" + }, + { + "name": "USN-1400-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-1" + }, + { + "name": "48561", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/48561" + }, + { + "name": "RHSA-2012:0388", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html" + }, + { + "name": "1026801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026801" + }, + { + "name": "1026804", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026804" + }, + { + "name": "48513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48513" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0992.json b/2012/0xxx/CVE-2012-0992.json index d77e41dbac1..c9e45c8c1d1 100644 --- a/2012/0xxx/CVE-2012-0992.json +++ b/2012/0xxx/CVE-2012-0992.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120201 Multiple vulnerabilities in OpenEMR", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html" - }, - { - "name" : "https://www.htbridge.ch/advisory/HTB23069", - "refsource" : "MISC", - "url" : "https://www.htbridge.ch/advisory/HTB23069" - }, - { - "name" : "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches", - "refsource" : "CONFIRM", - "url" : "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches" - }, - { - "name" : "51788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51788" - }, - { - "name" : "78731", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78731" - }, - { - "name" : "47781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47781" - }, - 
{ - "name" : "openemr-faxdispatch-command-execution(72915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.ch/advisory/HTB23069", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/HTB23069" + }, + { + "name": "78731", + "refsource": "OSVDB", + "url": "http://osvdb.org/78731" + }, + { + "name": "51788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51788" + }, + { + "name": "20120201 Multiple vulnerabilities in OpenEMR", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html" + }, + { + "name": "47781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47781" + }, + { + "name": "openemr-faxdispatch-command-execution(72915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72915" + }, + { + "name": "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches", + "refsource": "CONFIRM", + "url": "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2325.json b/2012/2xxx/CVE-2012-2325.json index 9c8b6510a8a..f029b774dbe 100644 --- a/2012/2xxx/CVE-2012-2325.json +++ b/2012/2xxx/CVE-2012-2325.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120507 CVE request: mybb before 1.6.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/13" - }, - { - "name" : "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/14" - }, - { - "name" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" - }, - { - "name" : "53417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53417" + }, + { + "name": "[oss-security] 20120507 CVE request: mybb before 1.6.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/13" + }, + { + "name": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" + }, + { + "name": "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/14" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2564.json b/2012/2xxx/CVE-2012-2564.json index 4af22f3abed..c65d102bb8f 100644 --- a/2012/2xxx/CVE-2012-2564.json +++ b/2012/2xxx/CVE-2012-2564.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8R9LBY", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8R9LBY" - }, - { - "name" : "VU#722963", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/722963" - }, - { - "name" : "53715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the 
authentication of administrators for requests that perform administrative actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53715" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8R9LBY", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8R9LBY" + }, + { + "name": "VU#722963", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/722963" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3148.json b/2012/3xxx/CVE-2012-3148.json index d6c2ba796db..3c93ef08119 100644 --- a/2012/3xxx/CVE-2012-3148.json +++ b/2012/3xxx/CVE-2012-3148.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3175.json b/2012/3xxx/CVE-2012-3175.json index 72990eb7e91..108fa3f4267 100644 --- a/2012/3xxx/CVE-2012-3175.json +++ b/2012/3xxx/CVE-2012-3175.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-0518." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect 
integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-0518." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3500.json b/2012/3xxx/CVE-2012-3500.json index 263a0443723..00c0cee30d8 100644 --- a/2012/3xxx/CVE-2012-3500.json +++ b/2012/3xxx/CVE-2012-3500.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=848022", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=848022" - }, - { - "name" : "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0", - "refsource" : "CONFIRM", - "url" : "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0" - }, - { - "name" : 
"http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb", - "refsource" : "CONFIRM", - "url" : "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316" - }, - { - "name" : "DSA-2549", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2549" - }, - { - "name" : "FEDORA-2012-13208", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html" - }, - { - "name" : "FEDORA-2012-13234", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html" - }, - { - "name" : "FEDORA-2012-13263", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html" - }, - { - "name" : "MDVSA-2013:123", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:123" - }, - { - "name" : "openSUSE-SU-2012:1437", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html" - }, - { - "name" : "USN-1593-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1593-1" - }, - { - "name" : "55358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55358" - }, - { - "name" : "50600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50600" - }, - { - "name" : "rpmdevtools-toctou-symlink(78230)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scripts/annotate-output.sh in 
devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0", + "refsource": "CONFIRM", + "url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0" + }, + { + "name": "MDVSA-2013:123", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:123" + }, + { + "name": "rpmdevtools-toctou-symlink(78230)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78230" + }, + { + "name": "55358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55358" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=848022", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=848022" + }, + { + "name": "FEDORA-2012-13208", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html" + }, + { + "name": "DSA-2549", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2549" + }, + { + "name": "FEDORA-2012-13263", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html" + }, + { + "name": "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb", + "refsource": "CONFIRM", + "url": 
"http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb" + }, + { + "name": "50600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50600" + }, + { + "name": "FEDORA-2012-13234", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html" + }, + { + "name": "USN-1593-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1593-1" + }, + { + "name": "[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/7" + }, + { + "name": "openSUSE-SU-2012:1437", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3863.json b/2012/3xxx/CVE-2012-3863.json index 90ba8b21e40..1ee2f575481 100644 --- a/2012/3xxx/CVE-2012-3863.json +++ b/2012/3xxx/CVE-2012-3863.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2012-010.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2012-010.html" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-19992", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-19992" - }, - { - "name" : "DSA-2550", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2550" - }, - { - "name" : "54327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54327" - }, - { - "name" : "50687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50687" - }, - { - "name" : "50756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50687" + }, + { + "name": "50756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50756" + }, + { + "name": "DSA-2550", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2550" + }, + { + "name": "54327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54327" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2012-010.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html" + }, + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-19992", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3882.json b/2012/3xxx/CVE-2012-3882.json index 7fa31819ed8..285bf93c28a 100644 --- a/2012/3xxx/CVE-2012-3882.json +++ b/2012/3xxx/CVE-2012-3882.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3882", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3882", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4021.json b/2012/4xxx/CVE-2012-4021.json index 2906b4911ea..287efa20572 100644 --- a/2012/4xxx/CVE-2012-4021.json +++ b/2012/4xxx/CVE-2012-4021.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-4021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#52264310", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN52264310/index.html" - }, - { - "name" : "JVNDB-2012-000097", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000097" - }, - { - "name" : "56369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56369" - }, - { - "name" : "51110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MosP kintai kanri before 4.1.0 does not properly perform authentication, which 
allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56369" + }, + { + "name": "JVNDB-2012-000097", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000097" + }, + { + "name": "JVN#52264310", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN52264310/index.html" + }, + { + "name": "51110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51110" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4265.json b/2012/4xxx/CVE-2012-4265.json index dbeed6ce9bb..cfa34549b3d 100644 --- a/2012/4xxx/CVE-2012-4265.json +++ b/2012/4xxx/CVE-2012-4265.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18872", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18872" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=512", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=512", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=512" + }, + { + "name": "18872", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18872" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4614.json b/2012/4xxx/CVE-2012-4614.json index 15e9a212b0d..2f88708fe7d 100644 --- a/2012/4xxx/CVE-2012-4614.json +++ b/2012/4xxx/CVE-2012-4614.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-4614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121126 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html" - }, - { - "name" : "56682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56682" - }, - { - "name" : "87877", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87877" - }, - { - "name" : "1027812", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027812" - }, - { - "name" : "51408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027812", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027812" + }, + { + "name": "51408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51408" + }, + { + "name": "20121126 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html" + }, + { + "name": "56682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56682" + }, + { + "name": "87877", + "refsource": "OSVDB", + "url": "http://osvdb.org/87877" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4912.json b/2012/4xxx/CVE-2012-4912.json index bf604461c16..ea86f34e350 100644 --- a/2012/4xxx/CVE-2012-4912.json +++ b/2012/4xxx/CVE-2012-4912.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-4912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.novell.com/Download?buildid=O5hTjIiMdMo~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=O5hTjIiMdMo~" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7010768", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7010768" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=702788", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=702788" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=745425", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=745425" - }, 
- { - "name" : "55814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55814" - }, - { - "name" : "1027614", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027614" - }, - { - "name" : "50622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027614", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027614" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7010768", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7010768" + }, + { + "name": "55814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55814" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=745425", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=745425" + }, + { + "name": "50622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50622" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=702788", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=702788" + }, + { + "name": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/6xxx/CVE-2012-6076.json b/2012/6xxx/CVE-2012-6076.json index 57fb6d40a6c..afeadc918e6 100644 --- a/2012/6xxx/CVE-2012-6076.json +++ b/2012/6xxx/CVE-2012-6076.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/30/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341" - }, - { - "name" : "https://bugs.launchpad.net/inkscape/+bug/911146", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/inkscape/+bug/911146" - }, - { - "name" : "openSUSE-SU-2013:0294", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html" - }, - { - "name" : 
"openSUSE-SU-2013:0297", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html" - }, - { - "name" : "USN-1712-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1712-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/30/2" + }, + { + "name": "USN-1712-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1712-1" + }, + { + "name": "https://bugs.launchpad.net/inkscape/+bug/911146", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/inkscape/+bug/911146" + }, + { + "name": "openSUSE-SU-2013:0294", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html" + }, + { + "name": "openSUSE-SU-2013:0297", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6116.json b/2012/6xxx/CVE-2012-6116.json index 07c14c84dad..27a25f12b19 100644 --- a/2012/6xxx/CVE-2012-6116.json +++ b/2012/6xxx/CVE-2012-6116.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec", - "refsource" : "CONFIRM", - "url" : "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec" - }, - { - "name" : "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d", - "refsource" : "CONFIRM", - "url" : "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d" - }, - { - "name" : "RHSA-2013:0547", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0547.html" - }, - { - "name" : "RHSA-2013:0686", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2013-0686.html" - }, - { - "name" : "52774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec", + "refsource": "CONFIRM", + "url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec" + }, + { + "name": "52774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52774" + }, + { + "name": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d", + "refsource": "CONFIRM", + "url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d" + }, + { + "name": "RHSA-2013:0547", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html" + }, + { + "name": "RHSA-2013:0686", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6142.json b/2012/6xxx/CVE-2012-6142.json index 0a5197f4c44..eb3446c2344 100644 --- a/2012/6xxx/CVE-2012-6142.json +++ b/2012/6xxx/CVE-2012-6142.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130514 Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/318" - }, - { - "name" : "59833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59833" - }, - { - "name" : "htmlep-cve20126142-sec-bypass(84199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session::Cookie in the HTML::EP module 0.2011 for Perl does not 
properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "htmlep-cve20126142-sec-bypass(84199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84199" + }, + { + "name": "[oss-security] 20130514 Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/318" + }, + { + "name": "59833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59833" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6672.json b/2012/6xxx/CVE-2012-6672.json index 004b3da8a23..d1b09811564 100644 --- a/2012/6xxx/CVE-2012-6672.json +++ b/2012/6xxx/CVE-2012-6672.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6672", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6672", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2112.json b/2017/2xxx/CVE-2017-2112.json index 7e497a41272..da02492d685 100644 --- a/2017/2xxx/CVE-2017-2112.json +++ b/2017/2xxx/CVE-2017-2112.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TS-WPTCAM", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WPTCAM2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.00" - } - ] - } - }, - { - "product_name" : "TS-WLCE", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WLC2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WRLC", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.17 and earlier" - } - ] - } - }, - { - "product_name" : "TS-PTCAM/POE", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "I-O DATA DEVICE, INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TS-WPTCAM", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + }, + { + "product_name": "TS-WPTCAM2", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.00" + } + ] + } + }, + { + "product_name": "TS-WLCE", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + }, + { + "product_name": "TS-WLC2", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + }, + { + "product_name": "TS-WRLC", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.17 and earlier" + } + ] + } + }, + { + "product_name": "TS-PTCAM/POE", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "I-O DATA DEVICE, INC." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iodata.jp/support/information/2017/camera201702/", - "refsource" : "MISC", - "url" : "http://www.iodata.jp/support/information/2017/camera201702/" - }, - { - "name" : "JVN#46830433", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN46830433/index.html" - }, - { - "name" : "96620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#46830433", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN46830433/index.html" + }, + { + "name": "96620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96620" + }, + { + "name": "http://www.iodata.jp/support/information/2017/camera201702/", + "refsource": "MISC", + "url": "http://www.iodata.jp/support/information/2017/camera201702/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2243.json b/2017/2xxx/CVE-2017-2243.json index ccd184c976f..4d6826b37c7 100644 --- a/2017/2xxx/CVE-2017-2243.json +++ b/2017/2xxx/CVE-2017-2243.json 
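Review bot: The `product_data` array on the new side has six entries (TS-WPTCAM, TS-WPTCAM2, TS-WLCE, TS-WLC2, TS-WRLC, TS-PTCAM/POE), while the description in the same record lists seven products and also names `TS-PTCAM firmware version 1.18 and earlier`. A consumer that matches on the structured `affects` data rather than the free text would not flag TS-PTCAM. If the omission is not intentional, which cannot be told from this hunk, an entry like the one below belongs next to the TS-PTCAM/POE one, with its values taken from the description. The removed side has the same gap, so this commit did not introduce it.

```json
{
    "product_name": "TS-PTCAM",
    "version": {
        "version_data": [
            {
                "version_value": "firmware version 1.18 and earlier"
            }
        ]
    }
},
```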
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Responsive Lightbox", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 1.7.2" - } - ] - } - } - ] - }, - "vendor_name" : "dFactory" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Responsive Lightbox", + "version": { + "version_data": [ + { + "version_value": "prior to version 1.7.2" + } + ] + } + } + ] + }, + "vendor_name": "dFactory" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/responsive-lightbox/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/responsive-lightbox/#developers" - }, - { - "name" : "JVN#39819446", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN39819446/index.html" - }, - { - "name" : "99463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an 
attacker to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99463" + }, + { + "name": "JVN#39819446", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN39819446/index.html" + }, + { + "name": "https://wordpress.org/plugins/responsive-lightbox/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/responsive-lightbox/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2460.json b/2017/2xxx/CVE-2017-2460.json index ac21440b352..a269e113ac2 100644 --- a/2017/2xxx/CVE-2017-2460.json +++ b/2017/2xxx/CVE-2017-2460.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41811", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41811/" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1090", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1090" - }, - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : 
"https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "97130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97130" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "97130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97130" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1090", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1090" + }, + { + "name": "41811", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41811/" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": 
"https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2789.json b/2017/2xxx/CVE-2017-2789.json index 39e3e7f23e4..8bffce9d11b 100644 --- a/2017/2xxx/CVE-2017-2789.json +++ b/2017/2xxx/CVE-2017-2789.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Ichitaro", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "JustSystems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ichitaro", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "JustSystems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0196/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0196/" - }, - { - "name" : "96438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0196/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0196/" + }, + { + "name": "96438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96438" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2841.json b/2017/2xxx/CVE-2017-2841.json index dfaf73b5ac7..2cfbf0b927a 100644 --- a/2017/2xxx/CVE-2017-2841.json +++ b/2017/2xxx/CVE-2017-2841.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Indoor IP Camera C1 Series", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Indoor IP Camera C1 Series", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343" - }, - { - "name" : "99184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99184" + }, + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6217.json b/2017/6xxx/CVE-2017-6217.json index 3c947cc6cad..201858d5bef 100644 --- a/2017/6xxx/CVE-2017-6217.json +++ b/2017/6xxx/CVE-2017-6217.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6217",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6217",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6267.json b/2017/6xxx/CVE-2017-6267.json
index 09bafb2ecfc..b49a95d441b 100644
--- a/2017/6xxx/CVE-2017-6267.json
+++ b/2017/6xxx/CVE-2017-6267.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2017-09-21T00:00:00", - "ID" : "CVE-2017-6267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2017-09-21T00:00:00", + "ID": "CVE-2017-6267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544" - }, - { - "name" : "101025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal 
objects can cause an infinite loop which may lead to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544" + }, + { + "name": "101025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101025" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6315.json b/2017/6xxx/CVE-2017-6315.json index fa338c8c3c4..4ba433b7cfa 100644 --- a/2017/6xxx/CVE-2017-6315.json +++ b/2017/6xxx/CVE-2017-6315.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6315",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6315",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "42726",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/42726/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "42726",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/42726/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11584.json b/2018/11xxx/CVE-2018-11584.json
index c5bf2ab58c1..9d81e395026 100644
--- a/2018/11xxx/CVE-2018-11584.json
+++ b/2018/11xxx/CVE-2018-11584.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11584",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11584",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11633.json b/2018/11xxx/CVE-2018-11633.json
index 40ab17cd4f4..ab85d7b5d09 100644
--- a/2018/11xxx/CVE-2018-11633.json
+++ b/2018/11xxx/CVE-2018-11633.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/", - "refsource" : "MISC", - "url" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/" - }, - { - "name" : "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers" + }, + { + "name": "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/", + "refsource": "MISC", + "url": "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11852.json b/2018/11xxx/CVE-2018-11852.json index e4a55f789e6..e6b82c2c39e 100644 --- a/2018/11xxx/CVE-2018-11852.json +++ b/2018/11xxx/CVE-2018-11852.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=92fbe31eb6b356a1f673515cb1e63b6eaf245143", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=92fbe31eb6b356a1f673515cb1e63b6eaf245143" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=92fbe31eb6b356a1f673515cb1e63b6eaf245143", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=92fbe31eb6b356a1f673515cb1e63b6eaf245143" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11987.json b/2018/11xxx/CVE-2018-11987.json index 54b974937cf..fc5e19dd9f3 100644 --- a/2018/11xxx/CVE-2018-11987.json +++ b/2018/11xxx/CVE-2018-11987.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Double Free Issue in Kernel" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free Issue in Kernel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14298.json b/2018/14xxx/CVE-2018-14298.json index 15feaaf30bc..e7d1195e9f5 100644 --- a/2018/14xxx/CVE-2018-14298.json +++ b/2018/14xxx/CVE-2018-14298.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Ink annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6214." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-758", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-758" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Ink annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6214." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-758", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-758" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14481.json b/2018/14xxx/CVE-2018-14481.json index c8bda1bbb65..7e1a09445a3 100644 --- a/2018/14xxx/CVE-2018-14481.json +++ b/2018/14xxx/CVE-2018-14481.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/150643/OSclass-3.7.4-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150643/OSclass-3.7.4-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.netsparker.com/web-applications-advisories/ns-18-029-cross-site-scripting-in-osclass/", - "refsource" : "MISC", - "url" : "https://www.netsparker.com/web-applications-advisories/ns-18-029-cross-site-scripting-in-osclass/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150643/OSclass-3.7.4-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150643/OSclass-3.7.4-Cross-Site-Scripting.html" + }, + { + "name": "https://www.netsparker.com/web-applications-advisories/ns-18-029-cross-site-scripting-in-osclass/", + "refsource": "MISC", + "url": "https://www.netsparker.com/web-applications-advisories/ns-18-029-cross-site-scripting-in-osclass/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14676.json b/2018/14xxx/CVE-2018-14676.json index c9c3d090a09..516987e5d0b 100644 --- a/2018/14xxx/CVE-2018-14676.json +++ b/2018/14xxx/CVE-2018-14676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14690.json b/2018/14xxx/CVE-2018-14690.json index 977d2dd2252..055e712f539 100644 --- a/2018/14xxx/CVE-2018-14690.json +++ b/2018/14xxx/CVE-2018-14690.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14724.json b/2018/14xxx/CVE-2018-14724.json index a898544dc69..5dfe843e123 100644 --- a/2018/14xxx/CVE-2018-14724.json +++ b/2018/14xxx/CVE-2018-14724.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14724", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14724", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15212.json b/2018/15xxx/CVE-2018-15212.json index 6b20601bb6a..8155d2d30c6 100644 --- a/2018/15xxx/CVE-2018-15212.json +++ b/2018/15xxx/CVE-2018-15212.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15212",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15212",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15363.json b/2018/15xxx/CVE-2018-15363.json
index 452257b10ce..041d12bf6c5 100644
--- a/2018/15xxx/CVE-2018-15363.json
+++ b/2018/15xxx/CVE-2018-15363.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-15363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Security (Consumer)", - "version" : { - "version_data" : [ - { - "version_value" : "12.0 (2018)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-15363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Security (Consumer)", + "version": { + "version_data": [ + { + "version_value": "12.0 (2018)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-963/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-963/" - }, - { - "name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx", - "refsource" : "CONFIRM", - "url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx", + "refsource": "CONFIRM", + "url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-963/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-963/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15378.json b/2018/15xxx/CVE-2018-15378.json index a14361f00f0..97932d054a5 100644 --- a/2018/15xxx/CVE-2018-15378.json +++ b/2018/15xxx/CVE-2018-15378.json 
@@ -1,105 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T21:00:00-0500", - "ID" : "CVE-2018-15378", - "STATE" : "PUBLIC", - "TITLE" : "Clam AntiVirus unmew11() Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ClamAV", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "0.100.2" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the \"unmew11()\" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "5.3", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T21:00:00-0500", + "ID": "CVE-2018-15378", + "STATE": "PUBLIC", + "TITLE": "Clam AntiVirus unmew11() Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ClamAV", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "0.100.2" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181024 [SECURITY] [DLA 1553-1] clamav security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00014.html" - }, - { - "name" : "https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html", - "refsource" : "MISC", - "url" : "https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html" - }, - { - "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=12170", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=12170" - }, - { - "name" : "USN-3789-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3789-1/" - }, - { - "name" : "USN-3789-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3789-2/" - }, - { - "name" : "83000", - "refsource" : "SECUNIA", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/83000/" - } - ] - }, - "source" : { - "advisory" : "Bug 12170 - ClamAV Invalid read memory access in MEW unpacker", - "defect" : [ - [ - "12170" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A 
vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the \"unmew11()\" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181024 [SECURITY] [DLA 1553-1] clamav security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00014.html" + }, + { + "name": "https://bugzilla.clamav.net/show_bug.cgi?id=12170", + "refsource": "CONFIRM", + "url": "https://bugzilla.clamav.net/show_bug.cgi?id=12170" + }, + { + "name": "83000", + "refsource": "SECUNIA", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/83000/" + }, + { + "name": "USN-3789-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3789-2/" + }, + { + "name": "USN-3789-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3789-1/" + }, + { + "name": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html", + "refsource": "MISC", + "url": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html" + } + ] + }, + "source": { + "advisory": "Bug 12170 - ClamAV Invalid read memory access in MEW unpacker", + "defect": [ + [ + "12170" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15425.json b/2018/15xxx/CVE-2018-15425.json index 05fb1a446ff..0fddce10927 100644 --- a/2018/15xxx/CVE-2018-15425.json +++ b/2018/15xxx/CVE-2018-15425.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15425", - "STATE" : "PUBLIC", - "TITLE" : "Multiple Vulnerabilities in Cisco Identity Services Engine" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server." - } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "4.7", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15425", + "STATE": "PUBLIC", + "TITLE": "Multiple Vulnerabilities in Cisco Identity Services Engine" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Multiple Vulnerabilities in Cisco Identity Services Engine", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns" - }, - { - "name" : "1041792", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1041792" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-ise-mult-vulns", - "defect" : [ - [ - "CSCvj62592", - "CSCvj62614" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181003 Multiple Vulnerabilities in Cisco Identity Services Engine", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns" + }, + { + "name": "1041792", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041792" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-ise-mult-vulns", + "defect": [ + [ + "CSCvj62592", + "CSCvj62614" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15966.json b/2018/15xxx/CVE-2018-15966.json index a5640cffaf8..d703026ae9f 100644 --- a/2018/15xxx/CVE-2018-15966.json +++ b/2018/15xxx/CVE-2018-15966.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105435", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105435" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105435", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105435" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20010.json b/2018/20xxx/CVE-2018-20010.json index 160f1826790..5b1697319eb 100644 --- a/2018/20xxx/CVE-2018-20010.json +++ b/2018/20xxx/CVE-2018-20010.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46373", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46373/" - }, - { - "name" : "https://github.com/domainmod/domainmod/issues/88", - "refsource" : "MISC", - "url" : "https://github.com/domainmod/domainmod/issues/88" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/domainmod/domainmod/issues/88", + "refsource": "MISC", + "url": "https://github.com/domainmod/domainmod/issues/88" + }, + { + "name": "46373", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46373/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20467.json b/2018/20xxx/CVE-2018-20467.json index 23867025dfa..b2d0eececf4 100644 --- a/2018/20xxx/CVE-2018-20467.json +++ b/2018/20xxx/CVE-2018-20467.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1408", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1408" - }, - { - "name" : "106315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In coders/bmp.c in 
ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb" + }, + { + "name": "106315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106315" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1408", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1408" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20594.json b/2018/20xxx/CVE-2018-20594.json index 4e768e65ccb..2a85a7d1b94 100644 --- a/2018/20xxx/CVE-2018-20594.json +++ b/2018/20xxx/CVE-2018-20594.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f", - "refsource" : "MISC", - "url" : "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f" - }, - { - "name" : "https://github.com/hs-web/hsweb-framework/issues/107", - "refsource" : "MISC", - "url" : "https://github.com/hs-web/hsweb-framework/issues/107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f", + "refsource": "MISC", + "url": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f" + }, + { + "name": "https://github.com/hs-web/hsweb-framework/issues/107", + "refsource": "MISC", + "url": "https://github.com/hs-web/hsweb-framework/issues/107" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20659.json b/2018/20xxx/CVE-2018-20659.json index a4161cab737..ecfe5730b5d 100644 --- a/2018/20xxx/CVE-2018-20659.json +++ b/2018/20xxx/CVE-2018-20659.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/350", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/350", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/350" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9746.json b/2018/9xxx/CVE-2018-9746.json index 681b2cd25ec..33796039e5c 100644 --- a/2018/9xxx/CVE-2018-9746.json +++ b/2018/9xxx/CVE-2018-9746.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9746", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9746", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9747.json b/2018/9xxx/CVE-2018-9747.json index e96f742e749..9ce79e465aa 100644 --- a/2018/9xxx/CVE-2018-9747.json +++ b/2018/9xxx/CVE-2018-9747.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9747", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9747", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9829.json b/2018/9xxx/CVE-2018-9829.json index 9784efc6db9..68773c53971 100644 --- a/2018/9xxx/CVE-2018-9829.json +++ b/2018/9xxx/CVE-2018-9829.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9829", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9829", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file