diff --git a/2002/0xxx/CVE-2002-0020.json b/2002/0xxx/CVE-2002-0020.json index a401ebf6eb2..6df3e1c1ec2 100644 --- a/2002/0xxx/CVE-2002-0020.json +++ b/2002/0xxx/CVE-2002-0020.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-004", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-004" - }, - { - "name" : "4061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4061" - }, - { - "name" : "ms-telnet-option-bo(8094)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8094.php" - }, - { - "name" : "oval:org.mitre.oval:def:424", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:424", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A424" + }, + { + "name": "4061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4061" + }, + { + "name": "ms-telnet-option-bo(8094)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8094.php" + }, + { + "name": "MS02-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-004" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0064.json b/2002/0xxx/CVE-2002-0064.json index 2a4715d1739..fd0fee2b6a6 100644 --- a/2002/0xxx/CVE-2002-0064.json +++ b/2002/0xxx/CVE-2002-0064.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x", - "refsource" : "BINDVIEW", - "url" : "http://razor.bindview.com/publish/advisories/adv_FunkProxy.html" - }, - { - "name" : "funk-proxy-insecure-permissions(8791)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8791.php" - }, - { - "name" : "4458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4458" + }, + { + "name": "funk-proxy-insecure-permissions(8791)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8791.php" + }, + { + "name": "20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x", + "refsource": "BINDVIEW", + "url": "http://razor.bindview.com/publish/advisories/adv_FunkProxy.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0193.json b/2002/0xxx/CVE-2002-0193.json index 738de99d2ab..883a01a42d3 100644 --- a/2002/0xxx/CVE-2002-0193.json +++ b/2002/0xxx/CVE-2002-0193.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the \"Content Disposition\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023" - }, - { - "name" : "ie-content-disposition-variant(9085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9085" - }, - { - "name" : "4752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4752" - }, - { - "name" : "oval:org.mitre.oval:def:27", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A27" - }, - { - "name" : "oval:org.mitre.oval:def:99", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A99" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the \"Content Disposition\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023" + }, + { + "name": "4752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4752" + }, + { + "name": "oval:org.mitre.oval:def:99", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A99" + }, + { + "name": "oval:org.mitre.oval:def:27", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A27" + }, + { + "name": "ie-content-disposition-variant(9085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9085" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0340.json b/2002/0xxx/CVE-2002-0340.json index a8f90e4a638..3a35889fd1a 100644 --- a/2002/0xxx/CVE-2002-0340.json +++ b/2002/0xxx/CVE-2002-0340.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020222 Windows Media Player executes WMF content in .MP3 files.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101447771102582&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020222 Windows Media Player executes WMF content in .MP3 files.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101447771102582&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0617.json b/2002/0xxx/CVE-2002-0617.json index 2a57086008b..b0801420a94 100644 --- a/2002/0xxx/CVE-2002-0617.json +++ b/2002/0xxx/CVE-2002-0617.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka \"Hyperlinked Excel Workbook Macro Bypass.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-031", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031" - }, - { - "name" : "5064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5064" - }, - { - "name" : "5175", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5175" - }, - { - "name" : "excel-hyperlink-macro-execution(9398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka \"Hyperlinked Excel Workbook Macro Bypass.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5175", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5175" + }, + { + "name": "MS02-031", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031" + }, + { + "name": "5064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5064" + }, + { + "name": "excel-hyperlink-macro-execution(9398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9398" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0902.json b/2002/0xxx/CVE-2002-0902.json index c354293a349..403546d476d 100644 --- a/2002/0xxx/CVE-2002-0902.json +++ b/2002/0xxx/CVE-2002-0902.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (\") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020526 Cross Site Scripting Vulnerability in phpBB2's [IMG] tag and remote avatar", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/274273" - }, - { - "name" : "4858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4858" - }, - { - "name" : "phpbb-bbcode-image-css(9178)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9178.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (\") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4858" + }, + { + "name": "20020526 Cross Site Scripting Vulnerability in phpBB2's [IMG] tag and remote avatar", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/274273" + }, + { + "name": "phpbb-bbcode-image-css(9178)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9178.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1262.json b/2002/1xxx/CVE-2002-1262.json index 7f664e4d674..cfa25540475 100644 --- a/2002/1xxx/CVE-2002-1262.json +++ b/2002/1xxx/CVE-2002-1262.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021125 RE: MS02-066 - fixes, gaps and incorrect statements", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103825484331857&w=2" - }, - { - "name" : "20021125 Re: MS02-066 - fixes, gaps and incorrect statements", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=103824668621672&w=2" - }, - { - "name" : "MS02-068", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-068" - }, - { - "name" : "20021205 Notes on MS02-068, extensive downplaying of severity", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103910416824172&w=2" - }, - { - "name" : "20021205 Notes on MS02-068, extensive downplaying of severity", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=103909877717345&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021125 Re: MS02-066 - fixes, gaps and incorrect statements", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=103824668621672&w=2" + }, + { + "name": "20021205 Notes on MS02-068, extensive downplaying of severity", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103910416824172&w=2" + }, + { + "name": "20021125 RE: MS02-066 - fixes, gaps and incorrect statements", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103825484331857&w=2" + }, + { + "name": "20021205 Notes on MS02-068, extensive downplaying of severity", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=103909877717345&w=2" + }, + { + "name": "MS02-068", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-068" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1434.json b/2002/1xxx/CVE-2002-1434.json index 690cd52ed8e..5085ad35ea7 100644 --- a/2002/1xxx/CVE-2002-1434.json +++ b/2002/1xxx/CVE-2002-1434.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020819 Kerio Mail Server Multiple Security Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html" - }, - { - "name" : "5507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5507" - }, - { - "name" : "kerio-webserver-webmail-xss(9905)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9905.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kerio-webserver-webmail-xss(9905)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9905.php" + }, + { + "name": "20020819 Kerio Mail Server Multiple Security Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html" + }, + { + "name": "5507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5507" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1494.json b/2002/1xxx/CVE-2002-1494.json index eb922136184..9be0761a711 100644 --- a/2002/1xxx/CVE-2002-1494.json +++ b/2002/1xxx/CVE-2002-1494.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 Cross-Site Scripting in Aestiva's HTML/OS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html" - }, - { - "name" : "5618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5618" - }, - { - "name" : "aestiva-htmlos-cgi-xss(10029)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10029.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5618" + }, + { + "name": "20020903 Cross-Site Scripting in Aestiva's HTML/OS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html" + }, + { + "name": "aestiva-htmlos-cgi-xss(10029)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10029.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1509.json b/2002/1xxx/CVE-2002-1509.json index 88bc5c74b19..5ee71ec90a5 100644 --- a/2002/1xxx/CVE-2002-1509.json +++ b/2002/1xxx/CVE-2002-1509.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418" - }, - { - "name" : "MDKSA-2003:026", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026" - }, - { - "name" : "RHSA-2003:057", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-057.html" - }, - { - "name" : "RHSA-2003:058", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-058.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:058", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-058.html" + }, + { + "name": "MDKSA-2003:026", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418" + }, + { + "name": "RHSA-2003:057", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-057.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1679.json b/2002/1xxx/CVE-2002-1679.json index e4790b4171f..d996f7dd938 100644 --- a/2002/1xxx/CVE-2002-1679.json +++ b/2002/1xxx/CVE-2002-1679.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020131 Fairly serious vulnerability in vBulletin 2.2.0", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/253365" - }, - { - "name" : "20020131 Semi-serious vulnerability in vBulletin 2.2.0", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/253371" - }, - { - "name" : "vbulletin-bbs-css(8039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8039" - }, - { - "name" : "4008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020131 Fairly serious vulnerability in vBulletin 2.2.0", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/253365" + }, + { + "name": "20020131 Semi-serious vulnerability in vBulletin 2.2.0", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/253371" + }, + { + "name": "vbulletin-bbs-css(8039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8039" + }, + { + "name": "4008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4008" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1846.json b/2002/1xxx/CVE-2002-1846.json index 1f0b91d58be..e4726e76b14 100644 --- a/2002/1xxx/CVE-2002-1846.json +++ b/2002/1xxx/CVE-2002-1846.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/296121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/296121" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2134.json b/2002/2xxx/CVE-2002-2134.json index 9d460b3c652..418bde00aaa 100644 --- a/2002/2xxx/CVE-2002-2134.json +++ b/2002/2xxx/CVE-2002-2134.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021231 PEEL (PHP)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/304779" - }, - { - "name" : "1005869", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005869" - }, - { - "name" : "7797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7797" - }, - { - "name" : "peel-haut-file-include(10960)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10960.php" - }, - { - "name" : "6496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021231 PEEL (PHP)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/304779" + }, + { + "name": "1005869", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005869" + }, + { + "name": "6496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6496" + }, + { + "name": "peel-haut-file-include(10960)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10960.php" + }, + { + "name": "7797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7797" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2415.json b/2002/2xxx/CVE-2002-2415.json index 9095fa3c6d1..ebb4287a90f 100644 --- a/2002/2xxx/CVE-2002-2415.json +++ b/2002/2xxx/CVE-2002-2415.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021120 Allied Telesyn switches & routers vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0291.html" - }, - { - "name" : "6233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6233" - }, - { - "name" : "telesyn-zero-stream-dos(10680)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10680.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6233" + }, + { + "name": "20021120 Allied Telesyn switches & routers vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0291.html" + }, + { + "name": "telesyn-zero-stream-dos(10680)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10680.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0975.json b/2003/0xxx/CVE-2003-0975.json index da767d94c34..c62f7a15b80 100644 --- a/2003/0xxx/CVE-2003-0975.json +++ b/2003/0xxx/CVE-2003-0975.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031118 Apple Safari 1.1 (v100)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106917674428552&w=2" - }, - { - "name" : "http://lists.apple.com/mhonarc/security-announce/msg00042.html", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00042.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=61798", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=61798" - }, - { - "name" : "mozilla-netscape-steal-cookies(7973)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.apple.com/mhonarc/security-announce/msg00042.html", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00042.html" + }, + { + "name": "mozilla-netscape-steal-cookies(7973)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7973" + }, + { + "name": "20031118 Apple Safari 1.1 (v100)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106917674428552&w=2" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=61798", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=61798" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1204.json b/2005/1xxx/CVE-2005-1204.json index efae2f47747..b354a7125a3 100644 --- a/2005/1xxx/CVE-2005-1204.json +++ b/2005/1xxx/CVE-2005-1204.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Desktop Rover 3.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a crafted packet to TCP port 61427, which causes an invalid memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050420 Neslo Desktop Rover Remote DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111401676906915&w=2" - }, - { - "name" : "http://www.evilpacket.net/advisories/EP-000-0003.html", - "refsource" : "MISC", - "url" : "http://www.evilpacket.net/advisories/EP-000-0003.html" - }, - { - "name" : "15032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Desktop Rover 3.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a crafted packet to TCP port 61427, which causes an invalid memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050420 Neslo Desktop Rover Remote DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111401676906915&w=2" + }, + { + "name": "http://www.evilpacket.net/advisories/EP-000-0003.html", + "refsource": "MISC", + "url": "http://www.evilpacket.net/advisories/EP-000-0003.html" + }, + { + "name": "15032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15032" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1335.json b/2005/1xxx/CVE-2005-1335.json index 671c75d16f4..4598b9dbb9b 100644 --- a/2005/1xxx/CVE-2005-1335.json +++ b/2005/1xxx/CVE-2005-1335.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which \"use external helper programs in an insecure manner.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-05-03", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" - }, - { - "name" : "TA05-136A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" - }, - { - "name" : "VU#331694", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/331694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which \"use external helper programs in an insecure manner.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA05-136A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" + }, + { + "name": "VU#331694", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/331694" + }, + { + "name": "APPLE-SA-2005-05-03", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1405.json b/2005/1xxx/CVE-2005-1405.json index 3221c6c5274..e9e4410fb0c 100644 --- a/2005/1xxx/CVE-2005-1405.json +++ b/2005/1xxx/CVE-2005-1405.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437" - }, - { - "name" : "VU#699798", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/699798" - }, - { - "name" : "15365", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15365" - }, - { - "name" : "1013839", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013839" - }, - { - "name" : "14879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14879" - }, - { - "name" : "lotus-sethttpheader-injection(20045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15365", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15365" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202437" + }, + { + "name": "14879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14879" + }, + { + "name": "lotus-sethttpheader-injection(20045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20045" + }, + { + "name": "VU#699798", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/699798" + }, + { + "name": "1013839", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013839" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1986.json b/2005/1xxx/CVE-2005-1986.json index 7903fe53ae5..0c952524fa6 100644 --- a/2005/1xxx/CVE-2005-1986.json +++ b/2005/1xxx/CVE-2005-1986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1986", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1986", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1154.json b/2009/1xxx/CVE-2009-1154.json index c6b04d30ae4..6568bc0fd97 100644 --- a/2009/1xxx/CVE-2009-1154.json +++ b/2009/1xxx/CVE-2009-1154.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-1154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml" - }, - { - "name" : "1022756", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022756", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022756" + }, + { + "name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1453.json b/2009/1xxx/CVE-2009-1453.json index 7d282d56476..194f88d56e9 100644 --- a/2009/1xxx/CVE-2009-1453.json +++ b/2009/1xxx/CVE-2009-1453.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090417 Tiny Blogr 1.0.0 rc4 Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502747/100/0/threaded" - }, - { - "name" : "8464", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8464" - }, - { - "name" : "34581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34581" - }, - { - "name" : "34768", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34768", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34768" + }, + { + "name": "34581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34581" + }, + { + "name": "8464", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8464" + }, + { + "name": "20090417 Tiny Blogr 1.0.0 rc4 Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502747/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0516.json b/2012/0xxx/CVE-2012-0516.json index b3fcde95516..7c6bc4f91d8 100644 --- a/2012/0xxx/CVE-2012-0516.json +++ b/2012/0xxx/CVE-2012-0516.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53133" - }, - { - "name" : "1026951", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53133" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "1026951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026951" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0606.json b/2012/0xxx/CVE-2012-0606.json index 0acfd08b6cb..24b95ec61d6 100644 --- a/2012/0xxx/CVE-2012-0606.json +++ b/2012/0xxx/CVE-2012-0606.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79928", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79928" - }, - { - "name" : "oval:org.mitre.oval:def:17168", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17168" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20120606-code-execution(73825)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "apple-webkit-cve20120606-code-execution(73825)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73825" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "oval:org.mitre.oval:def:17168", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17168" + }, + { + "name": "79928", + "refsource": "OSVDB", + "url": "http://osvdb.org/79928" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2786.json b/2012/2xxx/CVE-2012-2786.json index 8e040c58913..7055ecb21e7 100644 --- a/2012/2xxx/CVE-2012-2786.json +++ b/2012/2xxx/CVE-2012-2786.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array write.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d1c95d2ce39560e251fdb14f4af91b04fd7b845c", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d1c95d2ce39560e251fdb14f4af91b04fd7b845c" - }, - { - "name" : "http://libav.org/releases/libav-0.7.7.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.7.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.8.4.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.8.4.changelog" - }, - { - "name" : "MDVSA-2013:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - }, - { - "name" : "51257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array write.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://libav.org/releases/libav-0.8.4.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.8.4.changelog" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "MDVSA-2013:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d1c95d2ce39560e251fdb14f4af91b04fd7b845c", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d1c95d2ce39560e251fdb14f4af91b04fd7b845c" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://libav.org/releases/libav-0.7.7.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.7.7.changelog" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + }, + { + "name": "51257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51257" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3242.json b/2012/3xxx/CVE-2012-3242.json index dbe79e6349f..41ffa525454 100644 --- a/2012/3xxx/CVE-2012-3242.json +++ b/2012/3xxx/CVE-2012-3242.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3242", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3242", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3339.json b/2012/3xxx/CVE-2012-3339.json index b736234d9a0..0a8d0b7c238 100644 --- a/2012/3xxx/CVE-2012-3339.json +++ b/2012/3xxx/CVE-2012-3339.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3339", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3339", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3399.json b/2012/3xxx/CVE-2012-3399.json index 2ce3174eabf..9afa62badf0 100644 --- a/2012/3xxx/CVE-2012-3399.json +++ b/2012/3xxx/CVE-2012-3399.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120630 Basilic RCE bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0002.html" - }, - { - "name" : "20120706 Re: Basilic RCE bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0043.html" - }, - { - "name" : "19631", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/19631" - }, - { - "name" : "[oss-security] 20120709 Re: CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/10/1" - }, - { - "name" : "[oss-security] 20120710 CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/09/4" - }, - { - "name" : "54234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54234" - }, - { - "name" : "basilic-diff-command-execution(76667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "basilic-diff-command-execution(76667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76667" + }, + { + "name": "20120706 Re: Basilic RCE bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0043.html" + }, + { + "name": "[oss-security] 20120710 CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/09/4" + }, + { + "name": "19631", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/19631" + }, + { + "name": "54234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54234" + }, + { + "name": "20120630 Basilic RCE bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0002.html" + }, + { + "name": "[oss-security] 20120709 Re: CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/10/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3414.json b/2012/3xxx/CVE-2012-3414.json index 7e02831b2f0..e206b2870b5 100644 --- a/2012/3xxx/CVE-2012-3414.json +++ b/2012/3xxx/CVE-2012-3414.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the \"ExternalInterface.call\" function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120716 CVE id request: libjs-swfupload", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/16/4" - }, - { - "name" : "[oss-security] 20120717 Re: CVE id request: libjs-swfupload", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/17/12" - }, - { - "name" : "http://code.google.com/p/swfupload/issues/detail?id=376", - "refsource" : "MISC", - "url" : "http://code.google.com/p/swfupload/issues/detail?id=376" - }, - { - "name" : "http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html" - }, - { - "name" : "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/", - "refsource" : "MISC", - "url" : "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/" - }, - { - "name" : "http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html", - "refsource" : "MISC", - "url" : "http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html" - }, - { - "name" : "http://make.wordpress.org/core/2013/06/21/secure-swfupload/", - "refsource" : "CONFIRM", - "url" : "http://make.wordpress.org/core/2013/06/21/secure-swfupload/" - }, - { - "name" : "54245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the \"ExternalInterface.call\" function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/swfupload/issues/detail?id=376", + "refsource": "MISC", + "url": "http://code.google.com/p/swfupload/issues/detail?id=376" + }, + { + "name": "54245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54245" + }, + { + "name": "[oss-security] 20120717 Re: CVE id request: libjs-swfupload", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/17/12" + }, + { + "name": "http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html", + "refsource": "MISC", + "url": "http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html" + }, + { + "name": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/", + "refsource": "MISC", + "url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/" + }, + { + "name": "[oss-security] 20120716 CVE id request: libjs-swfupload", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/16/4" + }, + { + "name": "http://make.wordpress.org/core/2013/06/21/secure-swfupload/", + "refsource": "CONFIRM", + "url": "http://make.wordpress.org/core/2013/06/21/secure-swfupload/" + }, + { + "name": "http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3512.json b/2012/3xxx/CVE-2012-3512.json index c1a889a45ee..0d7a666cee1 100644 --- a/2012/3xxx/CVE-2012-3512.json +++ b/2012/3xxx/CVE-2012-3512.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120820 Two munin issues, now with CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/21/1" - }, - { - "name" : "http://www.munin-monitoring.org/ticket/1234", - "refsource" : "MISC", - "url" : "http://www.munin-monitoring.org/ticket/1234" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075" - }, - { - "name" : "FEDORA-2012-13110", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html" - }, - { - "name" : "FEDORA-2012-13649", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html" - }, - { - "name" : "FEDORA-2012-13683", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html" - }, - { - "name" : "USN-1622-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1622-1" - }, - { - "name" : "55698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-13649", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html" + }, + { + "name": "USN-1622-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1622-1" + }, + { + "name": "FEDORA-2012-13683", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html" + }, + { + "name": "[oss-security] 20120820 Two munin issues, now with CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1" + }, + { + "name": "http://www.munin-monitoring.org/ticket/1234", + "refsource": "MISC", + "url": "http://www.munin-monitoring.org/ticket/1234" + }, + { + "name": "FEDORA-2012-13110", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html" + }, + { + "name": "55698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55698" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3831.json b/2012/3xxx/CVE-2012-3831.json index 46da66dcbcb..8bec2235d9f 100644 --- a/2012/3xxx/CVE-2012-3831.json +++ b/2012/3xxx/CVE-2012-3831.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/milesj/php-decoda/commit/104afad9d3cb1fbb766c4bc5b98e070a8a13fbd8", - "refsource" : "CONFIRM", - "url" : "https://github.com/milesj/php-decoda/commit/104afad9d3cb1fbb766c4bc5b98e070a8a13fbd8" - }, - { - "name" : "81637", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81637", + "refsource": "OSVDB", + "url": "http://osvdb.org/81637" + }, + { + "name": "https://github.com/milesj/php-decoda/commit/104afad9d3cb1fbb766c4bc5b98e070a8a13fbd8", + "refsource": "CONFIRM", + "url": "https://github.com/milesj/php-decoda/commit/104afad9d3cb1fbb766c4bc5b98e070a8a13fbd8" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4013.json b/2012/4xxx/CVE-2012-4013.json index c7de400ce43..a7af764e337 100644 --- a/2012/4xxx/CVE-2012-4013.json +++ b/2012/4xxx/CVE-2012-4013.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-4013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://products.cybozu.co.jp/remote/product/smartphone/", - "refsource" : "MISC", - "url" : "http://products.cybozu.co.jp/remote/product/smartphone/" - }, - { - "name" : "JVN#03015214", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN03015214/index.html" - }, - { - "name" : "JVNDB-2012-000085", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://products.cybozu.co.jp/remote/product/smartphone/", + "refsource": "MISC", + "url": "http://products.cybozu.co.jp/remote/product/smartphone/" + }, + { + "name": "JVNDB-2012-000085", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000085" + }, + { + "name": "JVN#03015214", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN03015214/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4149.json b/2012/4xxx/CVE-2012-4149.json index 408d66794ad..e6074734bdc 100644 --- a/2012/4xxx/CVE-2012-4149.json +++ b/2012/4xxx/CVE-2012-4149.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-4149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "oval:org.mitre.oval:def:16265", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html" + }, + { + "name": "oval:org.mitre.oval:def:16265", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16265" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4444.json b/2012/4xxx/CVE-2012-4444.json index 119fd32d6f4..78df355a1bd 100644 --- a/2012/4xxx/CVE-2012-4444.json +++ b/2012/4xxx/CVE-2012-4444.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: CVE request --- acceptation of overlapping ipv6 fragments", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/09/2" - }, - { - "name" : "https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf", - "refsource" : "MISC", - "url" : "https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=70789d7052239992824628db8133de08dc78e593", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=70789d7052239992824628db8133de08dc78e593" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=874835", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=874835" - }, - { - "name" : "https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593" - }, - { - "name" : "RHSA-2012:1580", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1580.html" - }, - { - "name" : "SUSE-SU-2013:0856", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html" - }, - { - "name" : "USN-1660-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1660-1" - }, - { - "name" : "USN-1661-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1661-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36" + }, + { + "name": "SUSE-SU-2013:0856", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html" + }, + { + "name": "RHSA-2012:1580", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1580.html" + }, + { + "name": "[oss-security] 20121109 Re: CVE request --- acceptation of overlapping ipv6 fragments", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/09/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=874835", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874835" + }, + { + "name": "https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=70789d7052239992824628db8133de08dc78e593", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=70789d7052239992824628db8133de08dc78e593" + }, + { + "name": "https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf", + "refsource": "MISC", + "url": "https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf" + }, + { + "name": "USN-1661-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1661-1" + }, + { + "name": "USN-1660-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1660-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4795.json b/2012/4xxx/CVE-2012-4795.json index 4c2e519a4b7..7e2550cf4cc 100644 --- a/2012/4xxx/CVE-2012-4795.json +++ b/2012/4xxx/CVE-2012-4795.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4795", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4795", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4914.json b/2012/4xxx/CVE-2012-4914.json index 5dd8ff380af..4347bf65769 100644 --- a/2012/4xxx/CVE-2012-4914.json +++ b/2012/4xxx/CVE-2012-4914.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-4914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70", - "refsource" : "MISC", - "url" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70" - }, - { - "name" : "51602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70", + "refsource": "MISC", + "url": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=70&Itemid=70" + }, + { + "name": "51602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51602" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4970.json b/2012/4xxx/CVE-2012-4970.json index 31395c1bfe8..591032c30ac 100644 --- a/2012/4xxx/CVE-2012-4970.json +++ b/2012/4xxx/CVE-2012-4970.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121226 Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html" - }, - { - "name" : "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf", - "refsource" : "CONFIRM", - "url" : "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf" - }, - { - "name" : "1027926", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027926", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027926" + }, + { + "name": "20121226 Polycom HDX Video End Points Web Management Cross Site Scripting (XSS) vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html" + }, + { + "name": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf", + "refsource": "CONFIRM", + "url": "http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6293.json b/2012/6xxx/CVE-2012-6293.json index 1190c0c712f..fd0961b4d11 100644 --- a/2012/6xxx/CVE-2012-6293.json +++ b/2012/6xxx/CVE-2012-6293.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2014.json b/2017/2xxx/CVE-2017-2014.json index 748dccd7d61..53d6b07f43e 100644 --- a/2017/2xxx/CVE-2017-2014.json +++ b/2017/2xxx/CVE-2017-2014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2014", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2014", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2089.json b/2017/2xxx/CVE-2017-2089.json index 94ddec0e1d9..6967c7b0be9 100644 --- a/2017/2xxx/CVE-2017-2089.json +++ b/2017/2xxx/CVE-2017-2089.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2089", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2089", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2378.json b/2017/2xxx/CVE-2017-2378.json index b684d6b319f..56f91979fab 100644 --- a/2017/2xxx/CVE-2017-2378.json +++ b/2017/2xxx/CVE-2017-2378.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the \"WebKit\" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97129" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the \"WebKit\" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97129" + }, + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6086.json b/2017/6xxx/CVE-2017-6086.json index a362803a45c..220515149c5 100644 --- a/2017/6xxx/CVE-2017-6086.json +++ b/2017/6xxx/CVE-2017-6086.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to /application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to /application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to /application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to /application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to /application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to /application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to /application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to /application/controllers/AliasController.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41967", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41967/" - }, - { - "name" : "[oss-security] 20170503 [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/03/7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to /application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to /application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to /application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to /application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to /application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to /application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to /application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to /application/controllers/AliasController.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41967", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41967/" + }, + { + "name": "[oss-security] 20170503 [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/05/03/7" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6208.json b/2017/6xxx/CVE-2017-6208.json index 19599712949..33aab15552d 100644 --- a/2017/6xxx/CVE-2017-6208.json +++ b/2017/6xxx/CVE-2017-6208.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6208", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6208", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6684.json b/2017/6xxx/CVE-2017-6684.json index 170b8b55671..0186b1c2a02 100644 --- a/2017/6xxx/CVE-2017-6684.json +++ b/2017/6xxx/CVE-2017-6684.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Elastic Services Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Elastic Services Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Default Credentials Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Elastic Services Controller", + "version": { + "version_data": [ + { + "version_value": "Cisco Elastic Services Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3" - }, - { - "name" : "98979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Default Credentials Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98979" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7454.json b/2017/7xxx/CVE-2017-7454.json index acc04fbce26..3032777ccd0 100644 --- a/2017/7xxx/CVE-2017-7454.json +++ b/2017/7xxx/CVE-2017-7454.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jsummers/imageworsener/issues/11", - "refsource" : "CONFIRM", - "url" : "https://github.com/jsummers/imageworsener/issues/11" - }, - { - "name" : "GLSA-201706-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-06" - }, - { - "name" : "97494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201706-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-06" + }, + { + "name": "97494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97494" + }, + { + "name": "https://github.com/jsummers/imageworsener/issues/11", + "refsource": "CONFIRM", + "url": "https://github.com/jsummers/imageworsener/issues/11" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11434.json b/2018/11xxx/CVE-2018-11434.json index 9f78aefa8a1..e11f96b3173 100644 --- a/2018/11xxx/CVE-2018-11434.json +++ b/2018/11xxx/CVE-2018-11434.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180528 libmobi 0.3 vulns", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/48" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180528 libmobi 0.3 vulns", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/48" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11976.json b/2018/11xxx/CVE-2018-11976.json index 2ec8ead8deb..3c7ca406a9c 100644 --- a/2018/11xxx/CVE-2018-11976.json +++ b/2018/11xxx/CVE-2018-11976.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11976", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11976", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14225.json b/2018/14xxx/CVE-2018-14225.json index 5ed5cf3b056..b88d5723e58 100644 --- a/2018/14xxx/CVE-2018-14225.json +++ b/2018/14xxx/CVE-2018-14225.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14225", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14225", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14455.json b/2018/14xxx/CVE-2018-14455.json index 3a9d63261fd..eeb94d8c140 100644 --- a/2018/14xxx/CVE-2018-14455.json +++ b/2018/14xxx/CVE-2018-14455.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14702.json b/2018/14xxx/CVE-2018-14702.json index aa62ecca8c8..88ccac4d0a2 100644 --- a/2018/14xxx/CVE-2018-14702.json +++ b/2018/14xxx/CVE-2018-14702.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14941.json b/2018/14xxx/CVE-2018-14941.json index 6ea6bdd64be..8370507fc1d 100644 --- a/2018/14xxx/CVE-2018-14941.json +++ b/2018/14xxx/CVE-2018-14941.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pudding2/NSG9000/blob/master/exp.txt", - "refsource" : "MISC", - "url" : "https://github.com/pudding2/NSG9000/blob/master/exp.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pudding2/NSG9000/blob/master/exp.txt", + "refsource": "MISC", + "url": "https://github.com/pudding2/NSG9000/blob/master/exp.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14952.json b/2018/14xxx/CVE-2018-14952.json index 9e8700be5e1..5a06c95d132 100644 --- a/2018/14xxx/CVE-2018-14952.json +++ b/2018/14xxx/CVE-2018-14952.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"