diff --git a/2002/0xxx/CVE-2002-0035.json b/2002/0xxx/CVE-2002-0035.json index 829cba5e04c..e7f742c2f61 100644 --- a/2002/0xxx/CVE-2002-0035.json +++ b/2002/0xxx/CVE-2002-0035.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0035", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-0035", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0382.json b/2002/0xxx/CVE-2002-0382.json index 07fd64041b1..9d7d42956e1 100644 --- a/2002/0xxx/CVE-2002-0382.json +++ b/2002/0xxx/CVE-2002-0382.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020327 Xchat /dns command execution vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101725430425490&w=2" - }, - { - "name" : "RHSA-2002:097", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-097.html" - }, - { - "name" : "RHSA-2002:124", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-124.html" - }, - { - "name" : "MDKSA-2002:051", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php" - }, - { - "name" : "CLA-2002:526", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526" - }, - { - "name" : "xchat-dns-execute-commands(8704)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8704.php" - }, - { - "name" : "4376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2002:097", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-097.html" + }, + { + "name": "xchat-dns-execute-commands(8704)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8704.php" + }, + { + "name": "RHSA-2002:124", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-124.html" + }, + { + "name": "CLA-2002:526", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526" + }, + { + "name": "MDKSA-2002:051", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php" + }, + { + "name": "4376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4376" + }, + { + "name": "20020327 Xchat /dns command execution vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101725430425490&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0437.json b/2002/0xxx/CVE-2002-0437.json index c6a5616f2ca..36bc3c75e6b 100644 --- a/2002/0xxx/CVE-2002-0437.json +++ b/2002/0xxx/CVE-2002-0437.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term \"string format vulnerability\" by some sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020311 SMStools vulnerabilities in release before 1.4.8", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html" - }, - { - "name" : "http://www.isis.de/members/~s.frings/smstools/history.html", - "refsource" : "CONFIRM", - "url" : "http://www.isis.de/members/~s.frings/smstools/history.html" - }, - { - "name" : "4268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4268" - }, - { - "name" : "sms-tools-format-string(8433)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8433.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term \"string format vulnerability\" by some sources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.isis.de/members/~s.frings/smstools/history.html", + "refsource": "CONFIRM", + "url": "http://www.isis.de/members/~s.frings/smstools/history.html" + }, + { + "name": "4268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4268" + }, + { + "name": "sms-tools-format-string(8433)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8433.php" + }, + { + "name": "20020311 SMStools vulnerabilities in release before 1.4.8", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0559.json b/2002/0xxx/CVE-2002-0559.json index 0820c08a5df..52cd1f6deb8 100644 --- a/2002/0xxx/CVE-2002-0559.json +++ b/2002/0xxx/CVE-2002-0559.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020206 Multiple Buffer Overflows in Oracle 9iAS", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/254426" - }, - { - "name" : "CA-2002-08", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-08.html" - }, - { - "name" : "VU#750299", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/750299" - }, - { - "name" : "VU#878603", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/878603" - }, - { - "name" : "VU#659043", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/659043" - }, - { - "name" : "VU#313280", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/313280" - }, - { - "name" : "VU#923395", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/923395" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" - }, - { - "name" : "http://www.nextgenss.com/papers/hpoas.pdf", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/papers/hpoas.pdf" - }, - { - "name" : "oracle-appserver-plsql-adddad-bo(8098)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098" - }, - { - "name" : "oracle-appserver-plsql-bo(8095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095" - }, - { - "name" : "oracle-appserver-plsql-cache-bo(8097)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097" - }, - { - "name" : "oracle-appserver-plsql-authclient-bo(8096)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096" - }, - { - "name" : "4032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#750299", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/750299" + }, + { + "name": "VU#878603", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/878603" + }, + { + "name": "oracle-appserver-plsql-adddad-bo(8098)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098" + }, + { + "name": "CA-2002-08", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-08.html" + }, + { + "name": "VU#659043", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/659043" + }, + { + "name": "oracle-appserver-plsql-cache-bo(8097)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097" + }, + { + "name": "oracle-appserver-plsql-authclient-bo(8096)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096" + }, + { + "name": "20020206 Multiple Buffer Overflows in Oracle 9iAS", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/254426" + }, + { + "name": "VU#313280", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/313280" + }, + { + "name": "http://www.nextgenss.com/papers/hpoas.pdf", + "refsource": "MISC", + "url": "http://www.nextgenss.com/papers/hpoas.pdf" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" + }, + { + "name": "4032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4032" + }, + { + "name": "oracle-appserver-plsql-bo(8095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095" + }, + { + "name": "VU#923395", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/923395" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1142.json b/2002/1xxx/CVE-2002-1142.json index ae325954339..a088dd41358 100644 --- a/2002/1xxx/CVE-2002-1142.json +++ b/2002/1xxx/CVE-2002-1142.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065" - }, - { - "name" : "20021120 Foundstone Advisory", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html" - }, - { - "name" : "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337", - "refsource" : "MISC", - "url" : "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337" - }, - { - "name" : "CA-2002-33", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-33.html" - }, - { - "name" : "VU#542081", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/542081" - }, - { - "name" : "6214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6214" - }, - { - "name" : "oval:org.mitre.oval:def:2730", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730" - }, - { - "name" : "oval:org.mitre.oval:def:294", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294" - }, - { - "name" : "oval:org.mitre.oval:def:3573", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573" - }, - { - "name" : "mdac-rds-server-bo(10659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659" - }, - { - "name" : "mdac-rds-client-bo(10669)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:2730", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730" + }, + { + "name": "20021120 Foundstone Advisory", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html" + }, + { + "name": "6214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6214" + }, + { + "name": "mdac-rds-client-bo(10669)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669" + }, + { + "name": "VU#542081", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/542081" + }, + { + "name": "MS02-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065" + }, + { + "name": "oval:org.mitre.oval:def:3573", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573" + }, + { + "name": "CA-2002-33", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-33.html" + }, + { + "name": "mdac-rds-server-bo(10659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659" + }, + { + "name": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337", + "refsource": "MISC", + "url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337" + }, + { + "name": "oval:org.mitre.oval:def:294", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1186.json b/2002/1xxx/CVE-2002-1186.json index cd0651f3682..6353a51dae9 100644 --- a/2002/1xxx/CVE-2002-1186.json +++ b/2002/1xxx/CVE-2002-1186.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 MSIEv6 % encoding causes a problem again", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html" - }, - { - "name" : "20020904 Re: MSIEv6 % encoding causes a problem again", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html" - }, - { - "name" : "MS02-066", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" - }, - { - "name" : "5610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5610" - }, - { - "name" : "7845", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7845" - }, - { - "name" : "oval:org.mitre.oval:def:143", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143" - }, - { - "name" : "oval:org.mitre.oval:def:471", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471" - }, - { - "name" : "oval:org.mitre.oval:def:495", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495" - }, - { - "name" : "ie-sameoriginpolicy-bypass(10039)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10039.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-066", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" + }, + { + "name": "5610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5610" + }, + { + "name": "20020903 MSIEv6 % encoding causes a problem again", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html" + }, + { + "name": "ie-sameoriginpolicy-bypass(10039)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10039.php" + }, + { + "name": "7845", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7845" + }, + { + "name": "oval:org.mitre.oval:def:495", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495" + }, + { + "name": "20020904 Re: MSIEv6 % encoding causes a problem again", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html" + }, + { + "name": "oval:org.mitre.oval:def:471", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471" + }, + { + "name": "oval:org.mitre.oval:def:143", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1628.json b/2002/1xxx/CVE-2002-1628.json index df696b4c75e..7329792007d 100644 --- a/2002/1xxx/CVE-2002-1628.json +++ b/2002/1xxx/CVE-2002-1628.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#250107", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/250107" - }, - { - "name" : "3854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3854" - }, - { - "name" : "vote-cgi-gain-privileges(7971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vote-cgi-gain-privileges(7971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7971" + }, + { + "name": "3854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3854" + }, + { + "name": "VU#250107", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/250107" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1678.json b/2002/1xxx/CVE-2002-1678.json index 0537066235e..4d984730633 100644 --- a/2002/1xxx/CVE-2002-1678.json +++ b/2002/1xxx/CVE-2002-1678.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020322 memberlist.php of vBulletin", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/263609" - }, - { - "name" : "20020322 RE: memberlist.php of vBulletin", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2" - }, - { - "name" : "4349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4349" - }, - { - "name" : "vbulletin-memberlist-execute-code(8619)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020322 memberlist.php of vBulletin", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/263609" + }, + { + "name": "4349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4349" + }, + { + "name": "20020322 RE: memberlist.php of vBulletin", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2" + }, + { + "name": "vbulletin-memberlist-execute-code(8619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8619" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1817.json b/2002/1xxx/CVE-2002-1817.json index d86842f7dc4..22938a534d1 100644 --- a/2002/1xxx/CVE-2002-1817.json +++ b/2002/1xxx/CVE-2002-1817.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seer.support.veritas.com/docs/238143.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/238143.htm" - }, - { - "name" : "5688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5688" - }, - { - "name" : "1005204", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005204" - }, - { - "name" : "vcs-unauth-root-access(10082)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10082.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vcs-unauth-root-access(10082)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10082.php" + }, + { + "name": "5688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5688" + }, + { + "name": "http://seer.support.veritas.com/docs/238143.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/238143.htm" + }, + { + "name": "1005204", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005204" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1989.json b/2002/1xxx/CVE-2002-1989.json index 123b62e71e1..15df28fa44e 100644 --- a/2002/1xxx/CVE-2002-1989.json +++ b/2002/1xxx/CVE-2002-1989.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020617 KPMG-2002022: Resin DOS device Denial of Service", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0108.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020617 KPMG-2002022: Resin DOS device Denial of Service", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0108.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2158.json b/2002/2xxx/CVE-2002-2158.json index 459067ef4dd..0864637db9b 100644 --- a/2002/2xxx/CVE-2002-2158.json +++ b/2002/2xxx/CVE-2002-2158.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020610 [ARL02-A14] ZenTrack System Information Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/276121" - }, - { - "name" : "4973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4973" - }, - { - "name" : "zentrack-ticketid-path-disclosure(9312)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9312.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4973" + }, + { + "name": "zentrack-ticketid-path-disclosure(9312)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9312.php" + }, + { + "name": "20020610 [ARL02-A14] ZenTrack System Information Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/276121" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2361.json b/2002/2xxx/CVE-2002-2361.json index 771899f92af..71521f014c1 100644 --- a/2002/2xxx/CVE-2002-2361.json +++ b/2002/2xxx/CVE-2002-2361.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020827 Yahoo Messenger Install Secuirty", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html" - }, - { - "name" : "5579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5579" - }, - { - "name" : "yahoo-installer-insecure-connection(9984)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9984.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yahoo-installer-insecure-connection(9984)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9984.php" + }, + { + "name": "20020827 Yahoo Messenger Install Secuirty", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html" + }, + { + "name": "5579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5579" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1271.json b/2005/1xxx/CVE-2005-1271.json index 9b3112c368d..7ece34a9f66 100644 --- a/2005/1xxx/CVE-2005-1271.json +++ b/2005/1xxx/CVE-2005-1271.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1271", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1343. Reason: This candidate is a reservation duplicate of CVE-2005-1343. Notes: All CVE users should reference CVE-2005-1343 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1271", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1343. Reason: This candidate is a reservation duplicate of CVE-2005-1343. Notes: All CVE users should reference CVE-2005-1343 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1968.json b/2005/1xxx/CVE-2005-1968.json index cccf568e97e..4ec435d8a30 100644 --- a/2005/1xxx/CVE-2005-1968.json +++ b/2005/1xxx/CVE-2005-1968.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://echo.or.id/adv/adv16-theday-2005.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv16-theday-2005.txt" - }, - { - "name" : "1014129", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014129", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014129" + }, + { + "name": "http://echo.or.id/adv/adv16-theday-2005.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv16-theday-2005.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1099.json b/2009/1xxx/CVE-2009-1099.json index 9fd6840722d..02529effeb6 100644 --- a/2009/1xxx/CVE-2009-1099.json +++ b/2009/1xxx/CVE-2009-1099.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090326 Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=777" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1", - "refsource" : "MISC", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBMA02429", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "SSRT090058", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "HPSBUX02429", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2" - }, - { - "name" : "RHSA-2009:0392", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html" - }, - { - "name" : "RHSA-2009:0394", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0394.html" - }, - { - "name" : "RHSA-2009:1038", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1038.html" - }, - { - "name" : "RHSA-2009:1198", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1198.html" - }, - { - "name" : "254571", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1" - }, - { - "name" : "SUSE-SA:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:029", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "SUSE-SA:2009:036", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" - }, - { - "name" : "34240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34240" - }, - { - "name" : "oval:org.mitre.oval:def:5726", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5726" - }, - { - "name" : "1021913", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021913" - }, - { - "name" : "34495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34495" - }, - { - "name" : "34496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34496" - }, - { - "name" : "35223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35223" - }, - { - "name" : "35156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35156" - }, - { - "name" : "35255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35255" - }, - { - "name" : "35416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "36185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36185" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "ADV-2009-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1426" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2009:036", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:5726", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5726" + }, + { + "name": "SSRT090058", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "35156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35156" + }, + { + "name": "SUSE-SA:2009:029", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" + }, + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" + }, + { + "name": "1021913", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021913" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "RHSA-2009:1038", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html" + }, + { + "name": "20090326 Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=777" + }, + { + "name": "RHSA-2009:1198", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "HPSBUX02429", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2" + }, + { + "name": "RHSA-2009:0394", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html" + }, + { + "name": "254571", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1" + }, + { + "name": "34495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34495" + }, + { + "name": "36185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36185" + }, + { + "name": "35255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35255" + }, + { + "name": "ADV-2009-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1426" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "RHSA-2009:0392", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html" + }, + { + "name": "35223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35223" + }, + { + "name": "34240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34240" + }, + { + "name": "34496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34496" + }, + { + "name": "HPSBMA02429", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1", + "refsource": "MISC", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "SUSE-SA:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1765.json b/2009/1xxx/CVE-2009-1765.json index a3c8226ccea..80d5c5535f1 100644 --- a/2009/1xxx/CVE-2009-1765.json +++ b/2009/1xxx/CVE-2009-1765.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8715", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8715" - }, - { - "name" : "35007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35007" - }, - { - "name" : "35145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35007" + }, + { + "name": "35145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35145" + }, + { + "name": "8715", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8715" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1894.json b/2009/1xxx/CVE-2009-1894.json index e6dbcfa5f6c..f472e319d82 100644 --- a/2009/1xxx/CVE-2009-1894.json +++ b/2009/1xxx/CVE-2009-1894.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090717 PulseAudio local race condition privilege escalation vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505052/100/0/threaded" - }, - { - "name" : "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html", - "refsource" : "MISC", - "url" : "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html" - }, - { - "name" : "http://taviso.decsystem.org/research.html", - "refsource" : "MISC", - "url" : "http://taviso.decsystem.org/research.html" - }, - { - "name" : "http://www.akitasecurity.nl/advisory.php?id=AK20090602", - "refsource" : "MISC", - "url" : "http://www.akitasecurity.nl/advisory.php?id=AK20090602" - }, - { - "name" : "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2", - "refsource" : "CONFIRM", - "url" : "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=510071", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=510071" - }, - { - "name" : "DSA-1838", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1838" - }, - { - "name" : "GLSA-200907-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-13.xml" - }, - { - "name" : "MDVSA-2009:152", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152" - }, - { - "name" : "MDVSA-2009:171", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171" - }, - { - "name" : "USN-804-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-804-1" - }, - { - "name" : "35721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35721" - }, - { - "name" : "35868", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35868" - }, - { - "name" : "35886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35886" - }, - { - "name" : "35896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35896" - }, - { - "name" : "pulseaudio-suid-privilege-escalation(51804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35868", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35868" + }, + { + "name": "MDVSA-2009:171", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171" + }, + { + "name": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html", + "refsource": "MISC", + "url": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html" + }, + { + "name": "pulseaudio-suid-privilege-escalation(51804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804" + }, + { + "name": "http://www.akitasecurity.nl/advisory.php?id=AK20090602", + "refsource": "MISC", + "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090602" + }, + { + "name": "MDVSA-2009:152", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152" + }, + { + "name": "35886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35886" + }, + { + "name": "35721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35721" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=510071", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510071" + }, + { + "name": "20090717 PulseAudio local race condition privilege escalation vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505052/100/0/threaded" + }, + { + "name": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2", + "refsource": "CONFIRM", + "url": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2" + }, + { + "name": "DSA-1838", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1838" + }, + { + "name": "35896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35896" + }, + { + "name": "http://taviso.decsystem.org/research.html", + "refsource": "MISC", + "url": "http://taviso.decsystem.org/research.html" + }, + { + "name": "GLSA-200907-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-13.xml" + }, + { + "name": "USN-804-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-804-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5002.json b/2009/5xxx/CVE-2009-5002.json index 3d1f588679b..8cd03791fe0 100644 --- a/2009/5xxx/CVE-2009-5002.json +++ b/2009/5xxx/CVE-2009-5002.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", - "refsource" : "CONFIRM", - "url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm" - }, - { - "name" : "PJ34853", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ34853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PJ34853", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ34853" + }, + { + "name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", + "refsource": "CONFIRM", + "url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0371.json b/2012/0xxx/CVE-2012-0371.json index 7dadcf5ef6b..6c125eebf35 100644 --- a/2012/0xxx/CVE-2012-0371.json +++ b/2012/0xxx/CVE-2012-0371.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-0371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120229 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0188.html" - }, - { - "name" : "20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc" + }, + { + "name": "20120229 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0188.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0725.json b/2012/0xxx/CVE-2012-0725.json index 882d68dfe98..cdf942f8baa 100644 --- a/2012/0xxx/CVE-2012-0725.json +++ b/2012/0xxx/CVE-2012-0725.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-07.html" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "oval:org.mitre.oval:def:14628", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14628" - }, - { - "name" : "48732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-07.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-07.html" + }, + { + "name": "48732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48732" + }, + { + "name": "oval:org.mitre.oval:def:14628", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14628" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0901.json b/2012/0xxx/CVE-2012-0901.json index 7a37472a611..3d901c79275 100644 --- a/2012/0xxx/CVE-2012-0901.json +++ b/2012/0xxx/CVE-2012-0901.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt" - }, - { - "name" : "yousaytooautopublishing-yousaytoo-xss(72271)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt" + }, + { + "name": "yousaytooautopublishing-yousaytoo-xss(72271)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72271" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3153.json b/2012/3xxx/CVE-2012-3153.json index 02ab0434cbf..c8df75ac633 100644 --- a/2012/3xxx/CVE-2012-3153.json +++ b/2012/3xxx/CVE-2012-3153.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31253", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31253" - }, - { - "name" : "20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jan/186" - }, - { - "name" : "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/", - "refsource" : "MISC", - "url" : "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/" - }, - { - "name" : "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/", - "refsource" : "MISC", - "url" : "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "55961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55961" - }, - { - "name" : "fusionmiddleware-reports-cve20123153(79296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fusionmiddleware-reports-cve20123153(79296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79296" + }, + { + "name": "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/", + "refsource": "MISC", + "url": "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/" + }, + { + "name": "31253", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31253" + }, + { + "name": "20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jan/186" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "55961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55961" + }, + { + "name": "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/", + "refsource": "MISC", + "url": "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3266.json b/2012/3xxx/CVE-2012-3266.json index 34661b41125..5657258e531 100644 --- a/2012/3xxx/CVE-2012-3266.json +++ b/2012/3xxx/CVE-2012-3266.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02818", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03510876" - }, - { - "name" : "SSRT100960", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03510876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100960", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03510876" + }, + { + "name": "HPSBST02818", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03510876" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4027.json b/2012/4xxx/CVE-2012-4027.json index af12c743f3a..d3c99f6eed5 100644 --- a/2012/4xxx/CVE-2012-4027.json +++ b/2012/4xxx/CVE-2012-4027.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html", - "refsource" : "MISC", - "url" : "http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html" - }, - { - "name" : "https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html", + "refsource": "MISC", + "url": "http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html" + }, + { + "name": "https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf", + "refsource": "CONFIRM", + "url": "https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4295.json b/2012/4xxx/CVE-2012-4295.json index 610b7d99816..08bf7e2c4bf 100644 --- a/2012/4xxx/CVE-2012-4295.json +++ b/2012/4xxx/CVE-2012-4295.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-16.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "openSUSE-SU-2012:1067", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15514562" - }, - { - "name" : "55035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55035" - }, - { - "name" : "oval:org.mitre.oval:def:15718", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718" - }, - { - "name" : "51363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51363" - }, - { - "name" : "50276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50276" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55035" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "51363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51363" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-16.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-16.html" + }, + { + "name": "oval:org.mitre.oval:def:15718", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563" + }, + { + "name": "50276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50276" + }, + { + "name": "openSUSE-SU-2012:1067", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15514562" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4298.json b/2012/4xxx/CVE-2012-4298.json index ead187394ea..86405884578 100644 --- a/2012/4xxx/CVE-2012-4298.json +++ b/2012/4xxx/CVE-2012-4298.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-25.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "openSUSE-SU-2012:1067", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15514562" - }, - { - "name" : "55035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55035" - }, - { - "name" : "oval:org.mitre.oval:def:15777", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15777" - }, - { - "name" : "51363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51363" - }, - { - "name" : "50276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50276" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55035" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-25.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-25.html" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533" + }, + { + "name": "51363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51363" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision" + }, + { + "name": "oval:org.mitre.oval:def:15777", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15777" + }, + { + "name": "50276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50276" + }, + { + "name": "openSUSE-SU-2012:1067", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15514562" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4567.json b/2012/4xxx/CVE-2012-4567.json index 63768de21cf..46848feafe0 100644 --- a/2012/4xxx/CVE-2012-4567.json +++ b/2012/4xxx/CVE-2012-4567.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121005 CVE request: LetoDMS, more issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/06/1" - }, - { - "name" : "[oss-security] 20121031 CVE request: LetoDMS, more issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/31/7" - }, - { - "name" : "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG" - }, - { - "name" : "55822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121005 CVE request: LetoDMS, more issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/06/1" + }, + { + "name": "[oss-security] 20121031 CVE request: LetoDMS, more issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/31/7" + }, + { + "name": "55822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55822" + }, + { + "name": "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4952.json b/2012/4xxx/CVE-2012-4952.json index 14fefa59406..0396da13df2 100644 --- a/2012/4xxx/CVE-2012-4952.json +++ b/2012/4xxx/CVE-2012-4952.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dentrix.com/support/software-updates/g5.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.dentrix.com/support/software-updates/g5.aspx" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK" - }, - { - "name" : "VU#948155", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/948155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dentrix.com/support/software-updates/g5.aspx", + "refsource": "CONFIRM", + "url": "http://www.dentrix.com/support/software-updates/g5.aspx" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK" + }, + { + "name": "VU#948155", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/948155" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6480.json b/2012/6xxx/CVE-2012-6480.json index 543a8bca20b..4df20e42755 100644 --- a/2012/6xxx/CVE-2012-6480.json +++ b/2012/6xxx/CVE-2012-6480.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6480", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6480", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6565.json b/2012/6xxx/CVE-2012-6565.json index 58ff81b58fa..8776695b7a6 100644 --- a/2012/6xxx/CVE-2012-6565.json +++ b/2012/6xxx/CVE-2012-6565.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf", - "refsource" : "CONFIRM", - "url" : "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf", + "refsource": "CONFIRM", + "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2173.json b/2017/2xxx/CVE-2017-2173.json index 8c4083fb941..bcb6f15cd97 100644 --- a/2017/2xxx/CVE-2017-2173.json +++ b/2017/2xxx/CVE-2017-2173.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Empirical Project Monitor - eXtended", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - } - ] - }, - "vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Empirical Project Monitor - eXtended", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + }, + "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ipa.go.jp/sec/info/20170519.html", - "refsource" : "CONFIRM", - "url" : "https://www.ipa.go.jp/sec/info/20170519.html" - }, - { - "name" : "JVN#85512750", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN85512750/index.html" - }, - { - "name" : "JVNDB-2017-000096", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#85512750", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN85512750/index.html" + }, + { + "name": "https://www.ipa.go.jp/sec/info/20170519.html", + "refsource": "CONFIRM", + "url": "https://www.ipa.go.jp/sec/info/20170519.html" + }, + { + "name": "JVNDB-2017-000096", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2206.json b/2017/2xxx/CVE-2017-2206.json index 81133eea469..2bedb6ce765 100644 --- a/2017/2xxx/CVE-2017-2206.json +++ b/2017/2xxx/CVE-2017-2206.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installer of SaAT Netizen", - "version" : { - "version_data" : [ - { - "version_value" : "ver.1.2.10.510 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "NetMove Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of SaAT Netizen", + "version": { + "version_data": [ + { + "version_value": "ver.1.2.10.510 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NetMove Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.saat.jp/information/netizen/2017/0531_security_update_info.php", - "refsource" : "CONFIRM", - "url" : "https://www.saat.jp/information/netizen/2017/0531_security_update_info.php" - }, - { - "name" : "JVN#91170929", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN91170929/index.html" - }, - { - "name" : "98817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.saat.jp/information/netizen/2017/0531_security_update_info.php", + "refsource": "CONFIRM", + "url": "https://www.saat.jp/information/netizen/2017/0531_security_update_info.php" + }, + { + "name": "JVN#91170929", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN91170929/index.html" + }, + { + "name": "98817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98817" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2289.json b/2017/2xxx/CVE-2017-2289.json index 5246d0a47cd..f1626c810af 100644 --- a/2017/2xxx/CVE-2017-2289.json +++ b/2017/2xxx/CVE-2017-2289.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of Qua station connection tool for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "version 1.00.03" - } - ] - } - } - ] - }, - "vendor_name" : "KDDI CORPORATION" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of Qua station connection tool for Windows", + "version": { + "version_data": [ + { + "version_value": "version 1.00.03" + } + ] + } + } + ] + }, + "vendor_name": "KDDI CORPORATION" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#81659403", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN81659403/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#81659403", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN81659403/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2543.json b/2017/2xxx/CVE-2017-2543.json index 69d7d7c3427..309691744d1 100644 --- a/2017/2xxx/CVE-2017-2543.json +++ b/2017/2xxx/CVE-2017-2543.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Multi-Touch\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207797", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207797" - }, - { - "name" : "1038484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Multi-Touch\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038484" + }, + { + "name": "https://support.apple.com/HT207797", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207797" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6068.json b/2017/6xxx/CVE-2017-6068.json index a0543a7e1b4..0db354e00f5 100644 --- a/2017/6xxx/CVE-2017-6068.json +++ b/2017/6xxx/CVE-2017-6068.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.yiwang6.cn/Subrion-CSRF1.docx", - "refsource" : "MISC", - "url" : "https://www.yiwang6.cn/Subrion-CSRF1.docx" - }, - { - "name" : "97091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.yiwang6.cn/Subrion-CSRF1.docx", + "refsource": "MISC", + "url": "https://www.yiwang6.cn/Subrion-CSRF1.docx" + }, + { + "name": "97091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97091" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6107.json b/2017/6xxx/CVE-2017-6107.json index d53c0846d4c..f527b3219a1 100644 --- a/2017/6xxx/CVE-2017-6107.json +++ b/2017/6xxx/CVE-2017-6107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6120.json b/2017/6xxx/CVE-2017-6120.json index 46cd0711b59..a721241dbfd 100644 --- a/2017/6xxx/CVE-2017-6120.json +++ b/2017/6xxx/CVE-2017-6120.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6120", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6120", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6124.json b/2017/6xxx/CVE-2017-6124.json index 9044ae4b7f9..ac5d85770d8 100644 --- a/2017/6xxx/CVE-2017-6124.json +++ b/2017/6xxx/CVE-2017-6124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6494.json b/2017/6xxx/CVE-2017-6494.json index 100acc94b68..0a5ac56c847 100644 --- a/2017/6xxx/CVE-2017-6494.json +++ b/2017/6xxx/CVE-2017-6494.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6494", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6494", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6847.json b/2017/6xxx/CVE-2017-6847.json index 7420a51fb3e..f67d7cddfc2 100644 --- a/2017/6xxx/CVE-2017-6847.json +++ b/2017/6xxx/CVE-2017-6847.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7182.json b/2017/7xxx/CVE-2017-7182.json index 3e122a12155..7b8ab7857d3 100644 --- a/2017/7xxx/CVE-2017-7182.json +++ b/2017/7xxx/CVE-2017-7182.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7182", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7182", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11429.json b/2018/11xxx/CVE-2018-11429.json index 05889812d7e..d78aec59f79 100644 --- a/2018/11xxx/CVE-2018-11429.json +++ b/2018/11xxx/CVE-2018-11429.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md" - }, - { - "name" : "https://github.com/dwfault/AirTokens/tree/master/ATLANT", - "refsource" : "MISC", - "url" : "https://github.com/dwfault/AirTokens/tree/master/ATLANT" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md" + }, + { + "name": "https://github.com/dwfault/AirTokens/tree/master/ATLANT", + "refsource": "MISC", + "url": "https://github.com/dwfault/AirTokens/tree/master/ATLANT" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11767.json b/2018/11xxx/CVE-2018-11767.json index 6f8e3416acf..7a0611ab851 100644 --- a/2018/11xxx/CVE-2018-11767.json +++ b/2018/11xxx/CVE-2018-11767.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11767", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11767", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14122.json b/2018/14xxx/CVE-2018-14122.json index 11334de1862..b820a15eb44 100644 --- a/2018/14xxx/CVE-2018-14122.json +++ b/2018/14xxx/CVE-2018-14122.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14122", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14122", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14189.json b/2018/14xxx/CVE-2018-14189.json index e634a8a2689..bc7e776817d 100644 --- a/2018/14xxx/CVE-2018-14189.json +++ b/2018/14xxx/CVE-2018-14189.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14189", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14189", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14320.json b/2018/14xxx/CVE-2018-14320.json index 61a8839f518..1fa6b84af0c 100644 --- a/2018/14xxx/CVE-2018-14320.json +++ b/2018/14xxx/CVE-2018-14320.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PoDoFo PoDoFo", - "version" : { - "version_data" : [ - { - "version_value" : "0.9.5" - } - ] - } - } - ] - }, - "vendor_name" : "PoDoFo" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119-Improper Restriction of Operations within the Bounds of a Memory Buffer" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PoDoFo PoDoFo", + "version": { + "version_data": [ + { + "version_value": "0.9.5" + } + ] + } + } + ] + }, + "vendor_name": "PoDoFo" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-1046", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-1046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119-Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-1046", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-1046" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15095.json b/2018/15xxx/CVE-2018-15095.json index 8cf80667719..36efa8842a9 100644 --- a/2018/15xxx/CVE-2018-15095.json +++ b/2018/15xxx/CVE-2018-15095.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15095", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15095", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15251.json b/2018/15xxx/CVE-2018-15251.json index 2e6daaaf41c..e2a9204a757 100644 --- a/2018/15xxx/CVE-2018-15251.json +++ b/2018/15xxx/CVE-2018-15251.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15251", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15251", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15337.json b/2018/15xxx/CVE-2018-15337.json index ffb5f2024dd..96a71ee51d3 100644 --- a/2018/15xxx/CVE-2018-15337.json +++ b/2018/15xxx/CVE-2018-15337.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15337", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15337", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15662.json b/2018/15xxx/CVE-2018-15662.json index c41865846d1..8ba27034c67 100644 --- a/2018/15xxx/CVE-2018-15662.json +++ b/2018/15xxx/CVE-2018-15662.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15662", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15662", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15672.json b/2018/15xxx/CVE-2018-15672.json index e6ebb812988..8a7a0c36e8f 100644 --- a/2018/15xxx/CVE-2018-15672.json +++ b/2018/15xxx/CVE-2018-15672.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15672", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11207. Reason: This candidate is a reservation duplicate of CVE-2018-11207. Notes: All CVE users should reference CVE-2018-11207 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15672", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11207. Reason: This candidate is a reservation duplicate of CVE-2018-11207. Notes: All CVE users should reference CVE-2018-11207 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15684.json b/2018/15xxx/CVE-2018-15684.json index 95133f29722..fe394ddad8e 100644 --- a/2018/15xxx/CVE-2018-15684.json +++ b/2018/15xxx/CVE-2018-15684.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rastating.github.io/xbtit-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://rastating.github.io/xbtit-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rastating.github.io/xbtit-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://rastating.github.io/xbtit-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20346.json b/2018/20xxx/CVE-2018-20346.json index 9e3c31e9852..1144d4680a8 100644 --- a/2018/20xxx/CVE-2018-20346.json +++ b/2018/20xxx/CVE-2018-20346.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html" - }, - { - "name" : "https://access.redhat.com/articles/3758321", - "refsource" : "MISC", - "url" : "https://access.redhat.com/articles/3758321" - }, - { - "name" : "https://blade.tencent.com/magellan/index_en.html", - "refsource" : "MISC", - "url" : "https://blade.tencent.com/magellan/index_en.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1659379", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1659379" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1659677", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1659677" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e", - "refsource" : "MISC", - "url" : "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e" - }, - { - "name" : "https://crbug.com/900910", - "refsource" : "MISC", - "url" : "https://crbug.com/900910" - }, - { - "name" : "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html", - "refsource" : "MISC", - "url" : "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html" - }, - { - "name" : "https://news.ycombinator.com/item?id=18685296", - "refsource" : "MISC", - "url" : "https://news.ycombinator.com/item?id=18685296" - }, - { - "name" : "https://sqlite.org/src/info/940f2adc8541a838", - "refsource" : "MISC", - "url" : "https://sqlite.org/src/info/940f2adc8541a838" - }, - { - "name" : "https://sqlite.org/src/info/d44318f59044162e", - "refsource" : "MISC", - "url" : "https://sqlite.org/src/info/d44318f59044162e" - }, - { - "name" : "https://worthdoingbadly.com/sqlitebug/", - "refsource" : "MISC", - "url" : "https://worthdoingbadly.com/sqlitebug/" - }, - { - "name" : "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html", - "refsource" : "MISC", - "url" : "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html" - }, - { - "name" : "https://www.sqlite.org/releaselog/3_25_3.html", - "refsource" : "MISC", - "url" : "https://www.sqlite.org/releaselog/3_25_3.html" - }, - { - "name" : "https://www.synology.com/security/advisory/Synology_SA_18_61", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/security/advisory/Synology_SA_18_61" - }, - { - "name" : "106323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106323" - }, - { - "name" : "FreeBSD-EN-19:03", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://worthdoingbadly.com/sqlitebug/", + "refsource": "MISC", + "url": "https://worthdoingbadly.com/sqlitebug/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677" + }, + { + "name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html" + }, + { + "name": "https://www.synology.com/security/advisory/Synology_SA_18_61", + "refsource": "CONFIRM", + "url": "https://www.synology.com/security/advisory/Synology_SA_18_61" + }, + { + "name": "https://access.redhat.com/articles/3758321", + "refsource": "MISC", + "url": "https://access.redhat.com/articles/3758321" + }, + { + "name": "https://blade.tencent.com/magellan/index_en.html", + "refsource": "MISC", + "url": "https://blade.tencent.com/magellan/index_en.html" + }, + { + "name": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html", + "refsource": "MISC", + "url": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html" + }, + { + "name": "https://news.ycombinator.com/item?id=18685296", + "refsource": "MISC", + "url": "https://news.ycombinator.com/item?id=18685296" + }, + { + "name": "https://sqlite.org/src/info/940f2adc8541a838", + "refsource": "MISC", + "url": "https://sqlite.org/src/info/940f2adc8541a838" + }, + { + "name": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e", + "refsource": "MISC", + "url": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e" + }, + { + "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html", + "refsource": "MISC", + "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html" + }, + { + "name": "106323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106323" + }, + { + "name": "https://crbug.com/900910", + "refsource": "MISC", + "url": "https://crbug.com/900910" + }, + { + "name": "https://sqlite.org/src/info/d44318f59044162e", + "refsource": "MISC", + "url": "https://sqlite.org/src/info/d44318f59044162e" + }, + { + "name": "FreeBSD-EN-19:03", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "https://www.sqlite.org/releaselog/3_25_3.html", + "refsource": "MISC", + "url": "https://www.sqlite.org/releaselog/3_25_3.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20447.json b/2018/20xxx/CVE-2018-20447.json index 9925c10d84f..3967883cf97 100644 --- a/2018/20xxx/CVE-2018-20447.json +++ b/2018/20xxx/CVE-2018-20447.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20447", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20447", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20668.json b/2018/20xxx/CVE-2018-20668.json index 8b2049cd38b..f4f52242ff4 100644 --- a/2018/20xxx/CVE-2018-20668.json +++ b/2018/20xxx/CVE-2018-20668.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20668", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20668", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9635.json b/2018/9xxx/CVE-2018-9635.json index 94784966047..9da5d6801e9 100644 --- a/2018/9xxx/CVE-2018-9635.json +++ b/2018/9xxx/CVE-2018-9635.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9635", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9813.json b/2018/9xxx/CVE-2018-9813.json index 52504d96d62..ed47b16d6d3 100644 --- a/2018/9xxx/CVE-2018-9813.json +++ b/2018/9xxx/CVE-2018-9813.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9813", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9813", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9849.json b/2018/9xxx/CVE-2018-9849.json index 61ca2b249b2..3776af1d030 100644 --- a/2018/9xxx/CVE-2018-9849.json +++ b/2018/9xxx/CVE-2018-9849.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730" - }, - { - "name" : "104160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104160" + }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730" + } + ] + } +} \ No newline at end of file