diff --git a/2002/0xxx/CVE-2002-0660.json b/2002/0xxx/CVE-2002-0660.json
index 50befaa9a7a..36d3822a99c 100644
--- a/2002/0xxx/CVE-2002-0660.json
+++ b/2002/0xxx/CVE-2002-0660.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-140", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2002/dsa-140" - }, - { - "name" : "RHSA-2002:151", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2002-151.html" - }, - { - "name" : "RHSA-2002:152", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2002-152.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a 
denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-140", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2002/dsa-140" + }, + { + "name": "RHSA-2002:152", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2002-152.html" + }, + { + "name": "RHSA-2002:151", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2002-151.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0691.json b/2002/0xxx/CVE-2002-0691.json index d357907c411..2ab6790d06e 100644 --- a/2002/0xxx/CVE-2002-0691.json +++ b/2002/0xxx/CVE-2002-0691.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of \"Cross-Site Scripting in Local HTML Resource\" as identified by CAN-2002-0189." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047" - }, - { - "name" : "ie-local-resource-xss(9938)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9938.php" - }, - { - "name" : "5561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that 
references a local HTML resource file, a variant of \"Cross-Site Scripting in Local HTML Resource\" as identified by CAN-2002-0189." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047" + }, + { + "name": "ie-local-resource-xss(9938)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9938.php" + }, + { + "name": "5561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5561" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0739.json b/2002/0xxx/CVE-2002-0739.json index 34b295f1d2f..75dac818282 100644 --- a/2002/0xxx/CVE-2002-0739.json +++ b/2002/0xxx/CVE-2002-0739.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020420 Vulnerability in PostCalendar", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0288.html" - }, - { - "name" : "4563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4563" - }, - { - "name" : "postcalendar-calendar-event-css(8899)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8899.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4563" + }, + { + "name": "postcalendar-calendar-event-css(8899)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8899.php" + }, + { + "name": "20020420 Vulnerability in PostCalendar", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0288.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0962.json b/2002/0xxx/CVE-2002-0962.json index 91449726c50..4b4b5f91d1a 100644 --- a/2002/0xxx/CVE-2002-0962.json +++ b/2002/0xxx/CVE-2002-0962.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020610 [ARL02-A13] Multiple Security Issues in GeekLog", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html" - }, - { - "name" : "http://geeklog.sourceforge.net/article.php?story=20020610013358149", - "refsource" : "CONFIRM", - "url" : "http://geeklog.sourceforge.net/article.php?story=20020610013358149" - }, - { - "name" : "geeklog-index-comment-xss(9310)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9310.php" - }, - { - "name" : "geeklog-calendar-event-xss(9309)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9309.php" - }, - { - "name" : 
"4969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4969" - }, - { - "name" : "4974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "geeklog-index-comment-xss(9310)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9310.php" + }, + { + "name": "geeklog-calendar-event-xss(9309)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9309.php" + }, + { + "name": "20020610 [ARL02-A13] Multiple Security Issues in GeekLog", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html" + }, + { + "name": "http://geeklog.sourceforge.net/article.php?story=20020610013358149", + "refsource": "CONFIRM", + "url": "http://geeklog.sourceforge.net/article.php?story=20020610013358149" + }, + { + "name": "4969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4969" + }, + { + "name": "4974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4974" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0993.json b/2002/0xxx/CVE-2002-0993.json index 5a007f7ea65..0deaa601a2d 100644 --- a/2002/0xxx/CVE-2002-0993.json +++ b/2002/0xxx/CVE-2002-0993.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0207-201", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2002-q3/0023.html" - }, - { - "name" : "5267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5267" - }, - { - "name" : "hp-isee-unauth-access(9620)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9620.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-isee-unauth-access(9620)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9620.php" + }, + { + "name": "5267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5267" + }, + { + "name": "HPSBUX0207-201", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2002-q3/0023.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1266.json b/2002/1xxx/CVE-2002-1266.json index bc02a72bd95..648522cc0ea 100644 --- a/2002/1xxx/CVE-2002-1266.json +++ b/2002/1xxx/CVE-2002-1266.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka \"Local User Privilege Elevation via Disk Image File.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.info.apple.com/usen/security/security_updates.html", - "refsource" : "CONFIRM", - "url" : "http://www.info.apple.com/usen/security/security_updates.html" - }, - { - "name" : "macos-disk-image-privileges(10818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10818" - }, - { - "name" : "7057", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka \"Local User Privilege Elevation via Disk 
Image File.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.info.apple.com/usen/security/security_updates.html", + "refsource": "CONFIRM", + "url": "http://www.info.apple.com/usen/security/security_updates.html" + }, + { + "name": "7057", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7057" + }, + { + "name": "macos-disk-image-privileges(10818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10818" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1562.json b/2002/1xxx/CVE-2002-1562.json index 74a8b16c2e1..9d3784c937d 100644 --- a/2002/1xxx/CVE-2002-1562.json +++ b/2002/1xxx/CVE-2002-1562.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://news.php.net/article.php?group=php.cvs&article=15698", - "refsource" : "CONFIRM", - "url" : "http://news.php.net/article.php?group=php.cvs&article=15698" - }, - { - "name" : "http://marc.info/?l=thttpd&m=103609565110472&w=2", - "refsource" : "CONFIRM", - "url" : "http://marc.info/?l=thttpd&m=103609565110472&w=2" - }, - { - "name" : "DSA-396", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2003/dsa-396" - }, - { - "name" : "CLA-2003:777", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory 
traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://news.php.net/article.php?group=php.cvs&article=15698", + "refsource": "CONFIRM", + "url": "http://news.php.net/article.php?group=php.cvs&article=15698" + }, + { + "name": "http://marc.info/?l=thttpd&m=103609565110472&w=2", + "refsource": "CONFIRM", + "url": "http://marc.info/?l=thttpd&m=103609565110472&w=2" + }, + { + "name": "DSA-396", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2003/dsa-396" + }, + { + "name": "CLA-2003:777", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000777" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1740.json b/2002/1xxx/CVE-2002-1740.json index b96131fbb5c..ec26dd43633 100644 --- a/2002/1xxx/CVE-2002-1740.json +++ b/2002/1xxx/CVE-2002-1740.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020507 Multiple Vulnerabilities in MDaemon + WorldClient", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/271374" - }, - { - "name" : "4689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4689" - }, - { - "name" : "mdaemon-worldclient-foldername-bo(9026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long 
folder name (NewFolder parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4689" + }, + { + "name": "mdaemon-worldclient-foldername-bo(9026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9026" + }, + { + "name": "20020507 Multiple Vulnerabilities in MDaemon + WorldClient", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/271374" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1847.json b/2002/1xxx/CVE-2002-1847.json index a7d749ef3ff..9f5503512df 100644 --- a/2002/1xxx/CVE-2002-1847.json +++ b/2002/1xxx/CVE-2002-1847.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020730 Windows mplay32 buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/285082" - }, - { - "name" : "5357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5357" - }, - { - "name" : "mediaplayer-mplay32-filename-bo(9727)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9727.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 
7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020730 Windows mplay32 buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/285082" + }, + { + "name": "5357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5357" + }, + { + "name": "mediaplayer-mplay32-filename-bo(9727)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9727.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1854.json b/2002/1xxx/CVE-2002-1854.json index 00bde449b78..ea8756cb530 100644 --- a/2002/1xxx/CVE-2002-1854.json +++ b/2002/1xxx/CVE-2002-1854.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020627 [sp00fed packet] Whois vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/279268" - }, - { - "name" : "5113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5113" - }, - { - "name" : "rlaj-whois-command-execution(9439)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9439.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5113" + }, + { + "name": "rlaj-whois-command-execution(9439)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9439.php" + }, + { + "name": "20020627 [sp00fed packet] Whois vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/279268" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0104.json b/2003/0xxx/CVE-2003-0104.json index ab72b41f400..8908116a30a 100644 --- a/2003/0xxx/CVE-2003-0104.json +++ b/2003/0xxx/CVE-2003-0104.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability", - "refsource" : "ISS", - "url" : "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999" - }, - { - "name" : "7053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7053" - }, - { - "name" : "peoplesoft-schedulertransfer-create-files(10962)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10962.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the 
SchedulerTransfer servlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability", + "refsource": "ISS", + "url": "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999" + }, + { + "name": "peoplesoft-schedulertransfer-create-files(10962)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10962.php" + }, + { + "name": "7053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7053" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0929.json b/2003/0xxx/CVE-2003-0929.json index 8d7de61e32a..72e83a26977 100644 --- a/2003/0xxx/CVE-2003-0929.json +++ b/2003/0xxx/CVE-2003-0929.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109241692108678&w=2" - }, - { - "name" : "http://www.corsaire.com/advisories/c030807-001.txt", - "refsource" : "MISC", - "url" : "http://www.corsaire.com/advisories/c030807-001.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.corsaire.com/advisories/c030807-001.txt", + "refsource": "MISC", + "url": "http://www.corsaire.com/advisories/c030807-001.txt" + }, + { + "name": "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109241692108678&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5085.json b/2009/5xxx/CVE-2009-5085.json index 40cd9c9d32a..fcc7a453e55 100644 --- a/2009/5xxx/CVE-2009-5085.json +++ b/2009/5xxx/CVE-2009-5085.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24029497", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24029497" - }, - { - "name" : "IZ44555", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, 
does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IZ44555", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44555" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24029497", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24029497" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0103.json b/2012/0xxx/CVE-2012-0103.json index 643ed4ed4e0..7fe4f474ec7 100644 --- a/2012/0xxx/CVE-2012-0103.json +++ b/2012/0xxx/CVE-2012-0103.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "78423", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78423" - }, - { - "name" : "sun-solarisunspecified-dos(72499)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78423", + "refsource": "OSVDB", + "url": "http://osvdb.org/78423" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + }, + { + "name": "sun-solarisunspecified-dos(72499)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72499" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0581.json b/2012/0xxx/CVE-2012-0581.json index f4d34f5c1de..b2109cb782f 100644 --- a/2012/0xxx/CVE-2012-0581.json +++ b/2012/0xxx/CVE-2012-0581.json 
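Review bot: The new side of this hunk changes the record's attribution from `"ASSIGNER" : "cve@mitre.org"` to `"ASSIGNER": "secalert_us@oracle.com"`, and that is easy to miss because every other line in the hunk differs only in whitespace or reference order. The same kind of change appears for CVE-2012-0581 (also `secalert_us@oracle.com`) and for CVE-2012-0867, CVE-2012-1106, CVE-2012-1146 and CVE-2012-1569 (`secalert@redhat.com`), while CVE-2012-0941 and CVE-2012-1376 keep `cve@mitre.org`. This is presumably an intended correction of the assigning CNA, but it is a provenance field that downstream consumers may use for trust or routing decisions. It would be better landed in a commit separate from the reformatting, with the reason for the reassignment stated in the commit message, so the attribution change can be audited on its own.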
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity, related to SCRM - Company Profiles." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026937", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026937" - }, - { - "name" : "48874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity, related to SCRM - Company Profiles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026937", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026937" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "48874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48874" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0867.json b/2012/0xxx/CVE-2012-0867.json index c5b8bb893c0..474496b17b3 100644 --- a/2012/0xxx/CVE-2012-0867.json +++ b/2012/0xxx/CVE-2012-0867.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/about/news/1377/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news/1377/" - }, - { - "name" : "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html" - }, - { - "name" : "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html" - }, - { - "name" : "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.postgresql.org/docs/9.1/static/release-9-1-3.html" - }, - { - "name" : "DSA-2418", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2418" - }, - { - "name" : "MDVSA-2012:026", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026" - }, - { - "name" : "RHSA-2012:0678", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0678.html" - }, - { - "name" : "openSUSE-SU-2012:1173", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html" - }, - { - "name" : "49273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.postgresql.org/about/news/1377/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news/1377/" + }, + { + "name": "49273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49273" + }, + { + "name": "RHSA-2012:0678", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html" + }, + { + "name": "MDVSA-2012:026", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026" + }, + { + "name": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html" + }, + { + "name": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html" + }, + { + "name": "DSA-2418", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2418" + }, + { + "name": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html" + }, + { + "name": "openSUSE-SU-2012:1173", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0941.json b/2012/0xxx/CVE-2012-0941.json index 39563dd1b2c..762fd8eef7b 100644 --- a/2012/0xxx/CVE-2012-0941.json +++ b/2012/0xxx/CVE-2012-0941.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/109168/VL-144.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109168/VL-144.txt" - }, - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=144", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=144" - }, - { - "name" : "https://fortiguard.com/psirt/FG-IR-012-001", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-012-001" - }, - { - "name" : "51708", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/51708" - }, - { - "name" : "1026594", - "refsource" : "SECTRACK", - "url" : "https://securitytracker.com/id/1026594" - }, - { - "name" : "fortigateutm-fieldssortedopt-xss(72761)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026594", + "refsource": "SECTRACK", + "url": "https://securitytracker.com/id/1026594" + }, + { + "name": "fortigateutm-fieldssortedopt-xss(72761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72761" + }, + { + "name": "http://packetstormsecurity.org/files/109168/VL-144.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109168/VL-144.txt" + }, + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=144", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=144" + }, + { + "name": "51708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51708" + }, + { + "name": "https://fortiguard.com/psirt/FG-IR-012-001", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-012-001" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/1xxx/CVE-2012-1106.json b/2012/1xxx/CVE-2012-1106.json
index 7bf57634ea0..f0b10ed5dca 100644
--- a/2012/1xxx/CVE-2012-1106.json
+++ b/2012/1xxx/CVE-2012-1106.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0" - }, - { - "name" : "RHSA-2012:0841", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0841.html" - }, - { - "name" : "54121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54121" - }, - { - "name" : "abrt-info-disc(76524)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76524" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54121" + }, + { + "name": "RHSA-2012:0841", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0841.html" + }, + { + "name": "https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0" + }, + { + "name": "abrt-info-disc(76524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76524" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1146.json b/2012/1xxx/CVE-2012-1146.json index c0a5334fe44..3cc1bbb845d 100644 --- a/2012/1xxx/CVE-2012-1146.json +++ b/2012/1xxx/CVE-2012-1146.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120307 Re: CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/07/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=371528caec553785c37f73fa3926ea0de84f986f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=371528caec553785c37f73fa3926ea0de84f986f" - }, - { - "name" : 
"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=800813", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=800813" - }, - { - "name" : "https://github.com/torvalds/linux/commit/371528caec553785c37f73fa3926ea0de84f986f", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/371528caec553785c37f73fa3926ea0de84f986f" - }, - { - "name" : "FEDORA-2012-3712", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075781.html" - }, - { - "name" : "SUSE-SU-2012:0554", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" - }, - { - "name" : "48898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48898" - }, - { - "name" : "48964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48964" - }, - { - "name" : "kernel-memcg-dos(73711)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:0554", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/371528caec553785c37f73fa3926ea0de84f986f", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/371528caec553785c37f73fa3926ea0de84f986f" + }, + { + "name": "48898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48898" + }, + { + "name": "[oss-security] 20120307 Re: CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/07/3" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10" + }, + { + "name": "48964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48964" + }, + { + "name": "kernel-memcg-dos(73711)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73711" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=371528caec553785c37f73fa3926ea0de84f986f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=371528caec553785c37f73fa3926ea0de84f986f" + }, + { + "name": "FEDORA-2012-3712", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075781.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=800813", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800813" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/1xxx/CVE-2012-1376.json b/2012/1xxx/CVE-2012-1376.json index 5f16fe3aea4..5b010448708 100644 --- a/2012/1xxx/CVE-2012-1376.json +++ b/2012/1xxx/CVE-2012-1376.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1376", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1376", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1569.json b/2012/1xxx/CVE-2012-1569.json index 8c28a16c93b..6eaabda942c 100644 --- a/2012/1xxx/CVE-2012-1569.json +++ b/2012/1xxx/CVE-2012-1569.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120320 Mu Dynamics, Inc. 
Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" - }, - { - "name" : "[gnutls-devel] 20120316 gnutls 3.0.16", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" - }, - { - "name" : "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" - }, - { - "name" : "[help-libtasn1] 20120319 minimal fix to security issue", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" - }, - { - "name" : "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/20/3" - }, - { - "name" : "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/20/8" - }, - { - "name" : "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/21/5" - }, - { - "name" : "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/", - "refsource" : "MISC", - "url" : "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" - }, - { - "name" : "http://www.gnu.org/software/gnutls/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.gnu.org/software/gnutls/security.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=804920", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=804920" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0596.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0596.html" - }, 
- { - "name" : "DSA-2440", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2440" - }, - { - "name" : "FEDORA-2012-4409", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" - }, - { - "name" : "FEDORA-2012-4451", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" - }, - { - "name" : "FEDORA-2012-4308", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" - }, - { - "name" : "FEDORA-2012-4342", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" - }, - { - "name" : "FEDORA-2012-4357", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" - }, - { - "name" : "FEDORA-2012-4417", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" - }, - { - "name" : "MDVSA-2012:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" - }, - { - "name" : "RHSA-2012:0488", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0488.html" - }, - { - "name" : "RHSA-2012:0531", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0531.html" - }, - { - "name" : "RHSA-2012:0427", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0427.html" - }, - { - "name" : "SUSE-SU-2014:0320", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" - }, - { - "name" : "USN-1436-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1436-1" - }, - { - "name" : "1026829", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026829" - }, - { - "name" : "48596", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/48596" - }, - { - "name" : "48488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48488" - }, - { - "name" : "48397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48397" - }, - { - "name" : "50739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50739" - }, - { - "name" : "57260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57260" - }, - { - "name" : "48505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48505" - }, - { - "name" : "48578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48578" - }, - { - "name" : "49002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57260" + }, + { + "name": "RHSA-2012:0427", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html" + }, + { + "name": "48578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48578" + }, + { + "name": "RHSA-2012:0531", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" + }, + { + "name": "49002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49002" + }, + { + "name": "FEDORA-2012-4357", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" + }, + { + "name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/20/8" + }, + { + "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" + }, + { + "name": "48488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48488" + }, + { + "name": "USN-1436-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1436-1" + }, + { + "name": "FEDORA-2012-4342", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" + }, + { + "name": "FEDORA-2012-4451", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" + }, + { + "name": "http://www.gnu.org/software/gnutls/security.html", + "refsource": "CONFIRM", + "url": "http://www.gnu.org/software/gnutls/security.html" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=804920", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920" + }, + { + "name": "RHSA-2012:0488", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" + }, + { + "name": "FEDORA-2012-4308", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" + }, + { + "name": "SUSE-SU-2014:0320", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" + }, + { + "name": "[gnutls-devel] 20120316 gnutls 3.0.16", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" + }, + { + "name": "1026829", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026829" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" + }, + { + "name": "48596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48596" + }, + { + "name": "50739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50739" + }, + { + "name": "48397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48397" + }, + { + "name": "48505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48505" + }, + { + "name": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/", + "refsource": "MISC", + "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" + }, + { + "name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" + }, + { + "name": "[help-libtasn1] 20120319 minimal fix to security issue", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" + }, + { + "name": "[oss-security] 20120320 CVE request: 
libtasn1 \"asn1_get_length_der()\" DER decoding issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/20/3" + }, + { + "name": "DSA-2440", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2440" + }, + { + "name": "MDVSA-2012:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" + }, + { + "name": "FEDORA-2012-4409", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" + }, + { + "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" + }, + { + "name": "FEDORA-2012-4417", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1831.json b/2012/1xxx/CVE-2012-1831.json index d1598f48cce..c8e995a152a 100644 --- a/2012/1xxx/CVE-2012-1831.json +++ b/2012/1xxx/CVE-2012-1831.json 
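Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` at the top of the CVE-2012-1569 hunk, but that one provenance-relevant edit is buried in a whole-file re-indentation and a reshuffle of `reference_data`, which makes it hard to audit. The hunk header (`-1,222 +1,222`) is consistent with the 33 references only being reordered, but the new order follows no visible sort key, so confirming that no `url` or `refsource` was altered means matching every entry by hand. A stable order (for example by `refsource`, then `name`) and a separate commit for the `ASSIGNER` change would make this checkable. The same pattern appears in the hunks for CVE-2012-1831 (`cert@cert.org`), CVE-2012-3489 (`secalert@redhat.com`), CVE-2012-3728 (`product-security@apple.com`) and CVE-2012-4617 (`psirt@cisco.com`). The new side of each file also ends with `\ No newline at end of file` while the old side carries no such marker; keeping the trailing newline avoids spurious diffs in tools that consume these records.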
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-1831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf" - }, - { - "name" : "http://www.wellintech.com/index.php/news/33-patch-for-kingview653", - "refsource" : "CONFIRM", - "url" : "http://www.wellintech.com/index.php/news/33-patch-for-kingview653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf" + }, + { + "name": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653", + "refsource": "CONFIRM", + "url": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3489.json b/2012/3xxx/CVE-2012-3489.json index f03b820b294..994f9659846 100644 --- a/2012/3xxx/CVE-2012-3489.json +++ b/2012/3xxx/CVE-2012-3489.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/about/news/1407/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news/1407/" - }, - { - "name" : "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html" - }, - { - "name" : "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.postgresql.org/docs/8.4/static/release-8-4-13.html" - }, - { - "name" : "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html" - }, - { - "name" : "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html" - }, - { - "name" : "http://www.postgresql.org/support/security/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/support/security/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=849173", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=849173" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2" - }, - { - "name" : "APPLE-SA-2013-03-14-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" - }, - { - "name" : "DSA-2534", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2534" - }, - { - "name" : "MDVSA-2012:139", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139" - }, - { - "name" : "RHSA-2012:1263", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1263.html" - }, - { - "name" : "openSUSE-SU-2012:1299", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html" - }, - { - "name" : "openSUSE-SU-2012:1251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html" - }, - { - "name" : "openSUSE-SU-2012:1288", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html" - }, - { - "name" : "USN-1542-1", - "refsource" : 
"UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1542-1" - }, - { - "name" : "55074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55074" - }, - { - "name" : "50635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50635" - }, - { - "name" : "50718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50718" - }, - { - "name" : "50946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50946" - }, - { - "name" : "50859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1263", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html" + }, + { + "name": "55074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55074" + }, + { + "name": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html" + }, + { + "name": "MDVSA-2012:139", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139" + }, + { + "name": "USN-1542-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1542-1" + }, + { + "name": "50718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50718" + }, + { + "name": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2" + }, + { + "name": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html" + }, + { + "name": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html" + }, + { + "name": "http://www.postgresql.org/about/news/1407/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news/1407/" + }, + { + "name": "50635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50635" + }, + { + "name": 
"http://www.postgresql.org/support/security/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/support/security/" + }, + { + "name": "APPLE-SA-2013-03-14-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" + }, + { + "name": "50946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50946" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=849173", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=849173" + }, + { + "name": "DSA-2534", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2534" + }, + { + "name": "openSUSE-SU-2012:1251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html" + }, + { + "name": "openSUSE-SU-2012:1288", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html" + }, + { + "name": "50859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50859" + }, + { + "name": "openSUSE-SU-2012:1299", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3728.json b/2012/3xxx/CVE-2012-3728.json index 1d0e3df8336..ed068bd9264 100644 --- a/2012/3xxx/CVE-2012-3728.json +++ b/2012/3xxx/CVE-2012-3728.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "85629", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a 
crafted program that makes packet-filter ioctl calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "85629", + "refsource": "OSVDB", + "url": "http://osvdb.org/85629" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4195.json b/2012/4xxx/CVE-2012-4195.json index 769dfcfaaee..ccd0094d1b4 100644 --- a/2012/4xxx/CVE-2012-4195.json +++ b/2012/4xxx/CVE-2012-4195.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=793121", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=793121" - }, - { - "name" : "RHSA-2012:1407", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1407.html" - }, - { - "name" : "RHSA-2012:1413", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1413.html" - }, - { - "name" : "openSUSE-SU-2012:1412", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html" - }, - { - "name" : "SUSE-SU-2012:1426", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html" - }, - { - "name" : "USN-1620-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1620-1" - }, - { - "name" : "USN-1620-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1620-2" - }, - { - "name" : "56302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56302" - }, - { - "name" : "oval:org.mitre.oval:def:16856", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16856" - }, - { - "name" : "51165", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/51165" - }, - { - "name" : "51121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51121" - }, - { - "name" : "51123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51123" - }, - { - "name" : "51127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51127" - }, - { - "name" : "51144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51144" - }, - { - "name" : "51146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51146" - }, - { - "name" : "51147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51147" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51144" + }, + { + "name": "SUSE-SU-2012:1426", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html" + }, + { + "name": "51123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51123" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=793121", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=793121" + }, + { + "name": "51121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51121" + }, + { + "name": "51147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51147" + }, + { + "name": "USN-1620-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1620-1" + }, + { + "name": "RHSA-2012:1407", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1407.html" + }, + { + "name": "51127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51127" + }, + { + "name": "56302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56302" + }, + { + "name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-90.html" + }, + { + "name": "oval:org.mitre.oval:def:16856", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16856" + }, + { + "name": "USN-1620-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1620-2" + }, + { + "name": "openSUSE-SU-2012:1412", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html" + }, + { + "name": "51165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51165" + }, + { + "name": "RHSA-2012:1413", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1413.html" + }, + { + "name": "51146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51146" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4617.json b/2012/4xxx/CVE-2012-4617.json index 44bb0a0f819..690d155323d 100644 --- a/2012/4xxx/CVE-2012-4617.json +++ b/2012/4xxx/CVE-2012-4617.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120926 Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp" - }, - { - "name" : "55694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55694" - }, - { - "name" : "1027576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120926 Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp" + }, + { + "name": "55694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55694" + }, + { + "name": "1027576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027576" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4734.json b/2012/4xxx/CVE-2012-4734.json index ea7be594c4d..cabec337658 100644 --- a/2012/4xxx/CVE-2012-4734.json +++ b/2012/4xxx/CVE-2012-4734.json 
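Review bot: The new `CVE_data_meta` block changes `"ASSIGNER"` from `cve@mitre.org` to `psirt@cisco.com`, and that appears to be the only value change in a hunk that otherwise rewrites whitespace (`" : "` becomes `": "`). A change of the assigning CNA is easy to miss in a 72-line formatting rewrite and hard to audit later, and consumers presumably rely on this field to attribute the record. I would keep `"ASSIGNER": "cve@mitre.org"` in the formatting change and land the reassignment as its own commit with a message that states the reason, or at least name it in this commit's description.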
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a \"confused deputy\" attack to bypass the CSRF warning protection mechanism and cause victims to \"modify arbitrary state\" via unknown vectors related to a crafted link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20121025 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" - }, - { - "name" : "86709", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a \"confused deputy\" attack to bypass the CSRF warning protection mechanism and cause victims to \"modify arbitrary state\" 
via unknown vectors related to a crafted link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86709", + "refsource": "OSVDB", + "url": "http://osvdb.org/86709" + }, + { + "name": "[rt-announce] 20121025 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4813.json b/2012/4xxx/CVE-2012-4813.json index 4dffb255b9e..bf8fe642436 100644 --- a/2012/4xxx/CVE-2012-4813.json +++ b/2012/4xxx/CVE-2012-4813.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4813", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4813", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2045.json b/2017/2xxx/CVE-2017-2045.json index b74b7bcc71d..f1f06bce2df 100644 --- a/2017/2xxx/CVE-2017-2045.json +++ b/2017/2xxx/CVE-2017-2045.json 
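Review bot: The `reference_data` array in CVE-2012-4734.json comes back in a different order on the new side, with `86709` (OSVDB) now ahead of the `[rt-announce]` MLIST entry, and no sort key is apparent from the result. The same reshuffling shows in the CVE-2017-2449, CVE-2017-2505, CVE-2017-3354 and CVE-2017-6728 hunks. Array order is data in JSON, so if the generator does not write references in a stable order, every regeneration produces diffs like this one, and a real addition or removal of an advisory link becomes hard to spot among the moves. Sorting on a fixed key before writing, for example `refsource` then `name`, would keep later diffs limited to actual changes.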
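Review bot: The REJECT record CVE-2012-4813.json is written with a different key order from the other records in this commit: `data_type`, `data_format`, `data_version` now come before `CVE_data_meta`, and `ID` before `ASSIGNER`, whereas the PUBLIC records and the RESERVED CVE-2017-6291 keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. CVE-2017-2045 and CVE-2017-2774 have the same layout, which suggests, though the diff does not confirm it, that two serialisers produced these files. Key order carries no meaning in JSON, but anything that hashes or byte-compares the records will see churn; writing `"CVE_data_meta": { "ASSIGNER": …, "ID": …, "STATE": "REJECT" }` first would match the rest. The new side also ends without a final newline (`\ No newline at end of file`), here and in the other complete hunks in view.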
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2045", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2045", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2110.json b/2017/2xxx/CVE-2017-2110.json index eaedf4af8a4..5398a05e61a 100644 --- a/2017/2xxx/CVE-2017-2110.json +++ b/2017/2xxx/CVE-2017-2110.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access CX App for Android", - "version" : { - "version_data" : [ - { - "version_value" : "prior to Ver2.0.0.1" - } - ] - } - }, - { - "product_name" : "Access CX App for iOS", - "version" : { - "version_data" : [ - { - "version_value" : "prior to Ver2.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "NISSAN SECURITIES CO., LTD." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to verify SSL certificates" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access CX App for Android", + "version": { + "version_data": [ + { + "version_value": "prior to Ver2.0.0.1" + } + ] + } + }, + { + "product_name": "Access CX App for iOS", + "version": { + "version_data": [ + { + "version_value": "prior to Ver2.0.2" + } + ] + } + } + ] + }, + "vendor_name": "NISSAN SECURITIES CO., LTD." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#82619692", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN82619692/index.html" - }, - { - "name" : "96615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#82619692", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN82619692/index.html" + }, + { + "name": "96615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96615" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2449.json b/2017/2xxx/CVE-2017-2449.json index c7881ecd889..295efc486d9 100644 --- a/2017/2xxx/CVE-2017-2449.json +++ b/2017/2xxx/CVE-2017-2449.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "97140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97140" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Bluetooth\" component. 
It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97140" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2505.json b/2017/2xxx/CVE-2017-2505.json index f39d1ce740f..a42823a7ea1 100644 --- a/2017/2xxx/CVE-2017-2505.json +++ b/2017/2xxx/CVE-2017-2505.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207801", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207801" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98473", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/98473" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + }, + { + "name": "https://support.apple.com/HT207801", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207801" + }, + { + "name": "98473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98473" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2774.json b/2017/2xxx/CVE-2017-2774.json index 7360444d13c..cc3db5bca07 100644 --- a/2017/2xxx/CVE-2017-2774.json +++ b/2017/2xxx/CVE-2017-2774.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2774", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2774", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2893.json b/2017/2xxx/CVE-2017-2893.json index be77110e2a8..2083cb3431c 100644 --- a/2017/2xxx/CVE-2017-2893.json +++ b/2017/2xxx/CVE-2017-2893.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-2893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mongoose", - "version" : { - "version_data" : [ - { - "version_value" : "6.8" - } - ] - } - } - ] - }, - "vendor_name" : "Cesanta" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-2893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mongoose", + "version": { + "version_data": [ + { + "version_value": "6.8" + } + ] + } + } + ] + }, + "vendor_name": "Cesanta" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of 
Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3354.json b/2017/3xxx/CVE-2017-3354.json index 2f499879dd3..92e0b803567 100644 --- a/2017/3xxx/CVE-2017-3354.json +++ b/2017/3xxx/CVE-2017-3354.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95500" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6291.json b/2017/6xxx/CVE-2017-6291.json index dc272a0f3ba..8f0952a65d4 100644 --- a/2017/6xxx/CVE-2017-6291.json +++ b/2017/6xxx/CVE-2017-6291.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6291", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6291", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6728.json b/2017/6xxx/CVE-2017-6728.json index ca3b32d9abb..96b90cbca99 100644 --- a/2017/6xxx/CVE-2017-6728.json +++ b/2017/6xxx/CVE-2017-6728.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XR", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XR" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Permissions Privilege Escalation Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XR" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-ios", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-ios" - }, - { - "name" : "99464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99464" - }, - { - "name" : "1038821", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038821" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Permissions Privilege Escalation Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99464" + }, + { + "name": "1038821", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038821" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-ios", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-ios" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7019.json b/2017/7xxx/CVE-2017-7019.json index 2affb49e851..ec8c73eb701 100644 --- a/2017/7xxx/CVE-2017-7019.json +++ b/2017/7xxx/CVE-2017-7019.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit Page Loading\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207921", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207921" - }, - { - "name" : "https://support.apple.com/HT207923", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207923" - }, - { - "name" : "https://support.apple.com/HT207924", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207924" - }, - { - "name" : "https://support.apple.com/HT207927", - "refsource" : "CONFIRM", 
- "url" : "https://support.apple.com/HT207927" - }, - { - "name" : "https://support.apple.com/HT207928", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207928" - }, - { - "name" : "GLSA-201710-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-14" - }, - { - "name" : "99885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99885" - }, - { - "name" : "1038950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit Page Loading\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99885" + }, + { + "name": "https://support.apple.com/HT207927", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207927" + }, + { + "name": "https://support.apple.com/HT207924", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207924" + }, + { + "name": "https://support.apple.com/HT207928", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207928" + }, + { + "name": "https://support.apple.com/HT207921", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207921" + }, + { + "name": "https://support.apple.com/HT207923", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207923" + }, + { + "name": "GLSA-201710-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-14" + }, + { + "name": "1038950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038950" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7547.json b/2017/7xxx/CVE-2017-7547.json index b1afbc855f5..7afa9bb8bad 100644 --- a/2017/7xxx/CVE-2017-7547.json +++ b/2017/7xxx/CVE-2017-7547.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-08-10T00:00:00", - "ID" : "CVE-2017-7547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "postgresql", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.x before 9.2.22" - }, - { - "version_value" : "9.3.x before 9.3.18" - }, - { - "version_value" : "9.4.x before 9.4.13" - }, - { - "version_value" : "9.5.x before 9.5.8" - }, - { - "version_value" : "9.6.x before 9.6.4" - } - ] - } - } - ] - }, - "vendor_name" : "PostgreSQL" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-522" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-08-10T00:00:00", + "ID": "CVE-2017-7547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postgresql", + "version": { + "version_data": [ + { + "version_value": "9.2.x before 9.2.22" + }, + { + "version_value": "9.3.x before 9.3.18" + }, + { + "version_value": "9.4.x before 9.4.13" + }, + { + "version_value": "9.5.x before 9.5.8" + }, + { + "version_value": "9.6.x before 9.6.4" + } + ] + } + } + ] + }, + "vendor_name": "PostgreSQL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.postgresql.org/about/news/1772/", - "refsource" : "CONFIRM", - "url" : "https://www.postgresql.org/about/news/1772/" - }, - { - "name" : "DSA-3936", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3936" - }, - { - "name" : "DSA-3935", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3935" - }, - { - "name" : "GLSA-201710-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-06" - }, - { - "name" : "RHSA-2017:2728", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2728" - }, - { - "name" : "RHSA-2017:2677", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2677" - }, - { - "name" : "RHSA-2017:2678", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2678" - }, - { - "name" : "100275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100275" - }, - { - "name" : "1039142", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2728", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2728" + }, + { + "name": "DSA-3936", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3936" + }, + { + "name": "RHSA-2017:2678", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2678" + }, + { + "name": "DSA-3935", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3935" + }, + { + "name": "1039142", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039142" + }, + { + "name": "https://www.postgresql.org/about/news/1772/", + "refsource": "CONFIRM", + "url": "https://www.postgresql.org/about/news/1772/" + }, + { + "name": "GLSA-201710-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-06" + }, + { + "name": "100275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100275" + }, + { + "name": "RHSA-2017:2677", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2677" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7729.json b/2017/7xxx/CVE-2017-7729.json index 656a726f319..d69c6e73fc2 100644 --- a/2017/7xxx/CVE-2017-7729.json +++ b/2017/7xxx/CVE-2017-7729.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On iSmartAlarm cube devices, there is Incorrect Access Control because a \"new key\" is transmitted in cleartext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On iSmartAlarm cube devices, there is Incorrect Access Control because a \"new key\" is transmitted in cleartext." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/", + "refsource": "MISC", + "url": "http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7997.json b/2017/7xxx/CVE-2017-7997.json index 82259d0493c..6fdf9658faf 100644 --- a/2017/7xxx/CVE-2017-7997.json +++ b/2017/7xxx/CVE-2017-7997.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43447", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43447/" - }, - { - "name" : "20180105 [CVE-2017-7997] Gespage SQL Injection vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jan/14" - }, - { - "name" : "https://sysdream.com/news/lab/2018-01-02-cve-2017-7997-gespage-sql-injection-vulnerability/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2018-01-02-cve-2017-7997-gespage-sql-injection-vulnerability/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180105 [CVE-2017-7997] Gespage SQL Injection vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jan/14" + }, + { + "name": "https://sysdream.com/news/lab/2018-01-02-cve-2017-7997-gespage-sql-injection-vulnerability/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2018-01-02-cve-2017-7997-gespage-sql-injection-vulnerability/" + }, + { + "name": "43447", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43447/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10217.json b/2018/10xxx/CVE-2018-10217.json index 016276f5e63..637cadeb5ac 100644 --- a/2018/10xxx/CVE-2018-10217.json +++ b/2018/10xxx/CVE-2018-10217.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10217",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10217",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10374.json b/2018/10xxx/CVE-2018-10374.json
index 9ecf54135e0..d0922bfc07b 100644
--- a/2018/10xxx/CVE-2018-10374.json
+++ b/2018/10xxx/CVE-2018-10374.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10374",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10374",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/teameasy/EasyCMS/issues/1",
- "refsource" : "MISC",
- "url" : "https://github.com/teameasy/EasyCMS/issues/1"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/teameasy/EasyCMS/issues/1",
+ "refsource": "MISC",
+ "url": "https://github.com/teameasy/EasyCMS/issues/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10595.json b/2018/10xxx/CVE-2018-10595.json
index 7825944269a..b271ed2ab4d 100644
--- a/2018/10xxx/CVE-2018-10595.json
+++ b/2018/10xxx/CVE-2018-10595.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-05-22T00:00:00", - "ID" : "CVE-2018-10595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kiestra and InoqulA systems", - "version" : { - "version_data" : [ - { - "version_value" : "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous." - } - ] - } - } - ] - }, - "vendor_name" : "Becton, Dickinson and Company" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Product UI does not warn user of unsafe actions CWE-356" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-05-22T00:00:00", + "ID": "CVE-2018-10595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kiestra and InoqulA systems", + "version": { + "version_data": [ + { + "version_value": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous." 
+ } + ] + } + } + ] + }, + "vendor_name": "Becton, Dickinson and Company" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01" - }, - { - "name" : "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula", - "refsource" : "CONFIRM", - "url" : "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Product UI does not warn user of unsafe actions CWE-356" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula", + "refsource": "CONFIRM", + "url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14138.json b/2018/14xxx/CVE-2018-14138.json index 561a8436cfe..e18bf1a5011 100644 --- a/2018/14xxx/CVE-2018-14138.json 
+++ b/2018/14xxx/CVE-2018-14138.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14138",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14138",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14311.json b/2018/14xxx/CVE-2018-14311.json
index 8cee9d04e73..239f4f4677a 100644
--- a/2018/14xxx/CVE-2018-14311.json
+++ b/2018/14xxx/CVE-2018-14311.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit ActiveX Pro SDK", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA events. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6331." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit ActiveX Pro SDK", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-771", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-771" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA events. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6331." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-771", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-771" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14743.json b/2018/14xxx/CVE-2018-14743.json index de1149a8d62..4f7d3e2f626 100644 --- a/2018/14xxx/CVE-2018-14743.json +++ b/2018/14xxx/CVE-2018-14743.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407367002", - "refsource" : "MISC", - "url" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407367002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407367002", + "refsource": "MISC", + "url": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407367002" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15431.json b/2018/15xxx/CVE-2018-15431.json index 5656f1675be..21a016ead39 100644 --- a/2018/15xxx/CVE-2018-15431.json +++ b/2018/15xxx/CVE-2018-15431.json 
@@ -1,127 +1,127 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "DATE_PUBLIC" : "2018-10-03T16:00:00-0500",
- "ID" : "CVE-2018-15431",
- "STATE" : "PUBLIC",
- "TITLE" : "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco WebEx WRF Player ",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Cisco"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
- }
- ]
- },
- "impact" : {
- "cvss" : {
- "baseScore" : "7.8",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-20"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
+ "ID": "CVE-2018-15431",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco WebEx WRF Player ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities",
- "refsource" : "CISCO",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"
- },
- {
- "name" : "105520",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105520"
- },
- {
- "name" : "1041795",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041795"
- }
- ]
- },
- "source" : {
- "advisory" : "cisco-sa-20181003-webex-rce",
- "defect" : [
- [
- "CSCvj83752",
- "CSCvj83767",
- "CSCvj83771",
- "CSCvj83793",
- "CSCvj83797",
- "CSCvj83803",
- "CSCvj83818",
- "CSCvj83824",
- "CSCvj83831",
- "CSCvj87929",
- "CSCvj87934",
- "CSCvj93870",
- "CSCvj93877",
- "CSCvk31089",
- "CSCvk33049",
- "CSCvk52510",
- "CSCvk52518",
- "CSCvk52521",
- "CSCvk59945",
- "CSCvk59949",
- "CSCvk59950",
- "CSCvk60158",
- "CSCvk60163",
- "CSCvm51315",
- "CSCvm51318",
- "CSCvm51361",
- "CSCvm51371",
- "CSCvm51373",
- "CSCvm51374",
- "CSCvm51382",
- "CSCvm51386",
- "CSCvm51391",
- "CSCvm51393",
- "CSCvm51396",
- "CSCvm51398",
- "CSCvm51412",
- "CSCvm51413",
- "CSCvm54531",
- "CSCvm54538"
- ]
- ],
- "discovery" : "UNKNOWN"
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.8",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1041795",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041795"
+ },
+ {
+ "name": "105520",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105520"
+ },
+ {
+ "name": "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20181003-webex-rce",
+ "defect": [
+ [
+ "CSCvj83752",
+ "CSCvj83767",
+ "CSCvj83771",
+ "CSCvj83793",
+ "CSCvj83797",
+ "CSCvj83803",
+ "CSCvj83818",
+ "CSCvj83824",
+ "CSCvj83831",
+ "CSCvj87929",
+ "CSCvj87934",
+ "CSCvj93870",
+ "CSCvj93877",
+ "CSCvk31089",
+ "CSCvk33049",
+ "CSCvk52510",
+ "CSCvk52518",
+ "CSCvk52521",
+ "CSCvk59945",
+ "CSCvk59949",
+ "CSCvk59950",
+ "CSCvk60158",
+ "CSCvk60163",
+ "CSCvm51315",
+ "CSCvm51318",
+ "CSCvm51361",
+ "CSCvm51371",
+ "CSCvm51373",
+ "CSCvm51374",
+ "CSCvm51382",
+ "CSCvm51386",
+ "CSCvm51391",
+ "CSCvm51393",
+ "CSCvm51396",
+ "CSCvm51398",
+ "CSCvm51412",
+ "CSCvm51413",
+ "CSCvm54531",
+ "CSCvm54538"
+ ]
+ ],
+ "discovery": "UNKNOWN"
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20231.json b/2018/20xxx/CVE-2018-20231.json
index 630329dcb60..5fcade5cd9a 100644
--- a/2018/20xxx/CVE-2018-20231.json
+++ b/2018/20xxx/CVE-2018-20231.json
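Review bot: The three `reference_data` entries in CVE-2018-15431.json come out in a different order on the new side (SECTRACK, BID, CISCO instead of CISCO, BID, SECTRACK), which is the one change in this hunk that is not indentation or the spacing before `:`. Array order is significant in JSON, so any consumer that relies on the position of a reference would now read a different URL; either keep the original order in this reformat or land the reordering as its own commit. The same reordering appears in the CVE-2018-20231, CVE-2018-20671 and CVE-2018-9963 hunks. The new side of every file also ends with `\ No newline at end of file`; writing a final newline would keep later diffs of these records clean. Because this is a bulk rewrite of vulnerability records, it is worth confirming before merge that the parsed old and new documents are equal apart from that array order.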
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20231",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20231",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.privacy-wise.com/two-factor-authentication-cross-site-request-forgery-csrf-vulnerability-cve-2018-20231/",
- "refsource" : "MISC",
- "url" : "https://www.privacy-wise.com/two-factor-authentication-cross-site-request-forgery-csrf-vulnerability-cve-2018-20231/"
- },
- {
- "name" : "https://wordpress.org/plugins/two-factor-authentication/#developers",
- "refsource" : "MISC",
- "url" : "https://wordpress.org/plugins/two-factor-authentication/#developers"
- },
- {
- "name" : "https://wpvulndb.com/vulnerabilities/9187",
- "refsource" : "MISC",
- "url" : "https://wpvulndb.com/vulnerabilities/9187"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.privacy-wise.com/two-factor-authentication-cross-site-request-forgery-csrf-vulnerability-cve-2018-20231/",
+ "refsource": "MISC",
+ "url": "https://www.privacy-wise.com/two-factor-authentication-cross-site-request-forgery-csrf-vulnerability-cve-2018-20231/"
+ },
+ {
+ "name": "https://wpvulndb.com/vulnerabilities/9187",
+ "refsource": "MISC",
+ "url": "https://wpvulndb.com/vulnerabilities/9187"
+ },
+ {
+ "name": "https://wordpress.org/plugins/two-factor-authentication/#developers",
+ "refsource": "MISC",
+ "url": "https://wordpress.org/plugins/two-factor-authentication/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20420.json b/2018/20xxx/CVE-2018-20420.json
index dcce0c5ad6a..1dbe5bf9cc4 100644
--- a/2018/20xxx/CVE-2018-20420.json
+++ b/2018/20xxx/CVE-2018-20420.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20420",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20420",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/eddietcc/CVEnotes/blob/master/webERP_4.15_Z_CreateCompanyTemplateFile/README.md",
- "refsource" : "MISC",
- "url" : "https://github.com/eddietcc/CVEnotes/blob/master/webERP_4.15_Z_CreateCompanyTemplateFile/README.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/eddietcc/CVEnotes/blob/master/webERP_4.15_Z_CreateCompanyTemplateFile/README.md",
+ "refsource": "MISC",
+ "url": "https://github.com/eddietcc/CVEnotes/blob/master/webERP_4.15_Z_CreateCompanyTemplateFile/README.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20577.json b/2018/20xxx/CVE-2018-20577.json
index d42b0e814f4..dad7af22e56 100644
--- a/2018/20xxx/CVE-2018-20577.json
+++ b/2018/20xxx/CVE-2018-20577.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20577",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20577",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/zadewg/LIVEBOX-0DAY",
- "refsource" : "MISC",
- "url" : "https://github.com/zadewg/LIVEBOX-0DAY"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/zadewg/LIVEBOX-0DAY",
+ "refsource": "MISC",
+ "url": "https://github.com/zadewg/LIVEBOX-0DAY"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20671.json b/2018/20xxx/CVE-2018-20671.json
index f63ef624866..e3dfb9b013a 100644
--- a/2018/20xxx/CVE-2018-20671.json
+++ b/2018/20xxx/CVE-2018-20671.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20671",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20671",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24005",
- "refsource" : "MISC",
- "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24005"
- },
- {
- "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca",
- "refsource" : "MISC",
- "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca"
- },
- {
- "name" : "106457",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106457"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca",
+ "refsource": "MISC",
+ "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca"
+ },
+ {
+ "name": "106457",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106457"
+ },
+ {
+ "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24005",
+ "refsource": "MISC",
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24005"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9660.json b/2018/9xxx/CVE-2018-9660.json
index f041afbd26e..9714d4cfa52 100644
--- a/2018/9xxx/CVE-2018-9660.json
+++ b/2018/9xxx/CVE-2018-9660.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9660",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9660",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9722.json b/2018/9xxx/CVE-2018-9722.json
index f81f78fcdf1..568098d2570 100644
--- a/2018/9xxx/CVE-2018-9722.json
+++ b/2018/9xxx/CVE-2018-9722.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9722",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9722",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9740.json b/2018/9xxx/CVE-2018-9740.json
index d744df844e6..0fa1a2c3138 100644
--- a/2018/9xxx/CVE-2018-9740.json
+++ b/2018/9xxx/CVE-2018-9740.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9740",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9740",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9767.json b/2018/9xxx/CVE-2018-9767.json
index 47741fc6790..9e819bb10c0 100644
--- a/2018/9xxx/CVE-2018-9767.json
+++ b/2018/9xxx/CVE-2018-9767.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9767",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9767",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9963.json b/2018/9xxx/CVE-2018-9963.json
index bb02655b3c6..470d6a13964 100644
--- a/2018/9xxx/CVE-2018-9963.json
+++ b/2018/9xxx/CVE-2018-9963.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-9963",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Foxit Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.0.1.1049"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5549."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-125-Out-of-bounds Read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-9963",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Foxit Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zerodayinitiative.com/advisories/ZDI-18-347",
- "refsource" : "MISC",
- "url" : "https://zerodayinitiative.com/advisories/ZDI-18-347"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5549."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-18-347",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-18-347"
+ }
+ ]
+ }
+}
\ No newline at end of file