diff --git a/2002/0xxx/CVE-2002-0363.json b/2002/0xxx/CVE-2002-0363.json index 2c490dd8a5f..f51057be250 100644 --- a/2002/0xxx/CVE-2002-0363.json +++ b/2002/0xxx/CVE-2002-0363.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html", - "refsource" : "MISC", - "url" : "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html" - }, - { - "name" : "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html", - "refsource" : "MISC", - "url" : "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html" - }, - { - "name" : "RHSA-2002:083", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-083.html" - }, - { - "name" : "RHSA-2002:123", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-123.html" - }, - { - "name" : "RHSA-2003:209", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-209.html" - }, - { - "name" : "CSSA-2002-026.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt" - }, - { - "name" : "ghostscript-postscript-command-execution(9254)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9254.php" - }, - { - "name" : "4937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:209", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-209.html" + }, + { + "name": "4937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4937" + }, + { + "name": "CSSA-2002-026.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt" + }, + { + "name": "ghostscript-postscript-command-execution(9254)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9254.php" + }, + { + "name": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html", + "refsource": "MISC", + "url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html" + }, + { + "name": "RHSA-2002:083", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-083.html" + }, + { + "name": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html", + "refsource": "MISC", + "url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html" + }, + { + "name": "RHSA-2002:123", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-123.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0377.json b/2002/0xxx/CVE-2002-0377.json index 41fe9fae03c..c68c06cfff5 100644 --- a/2002/0xxx/CVE-2002-0377.json +++ b/2002/0xxx/CVE-2002-0377.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020512 Gaim abritary Email Reading", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102130733815285&w=2" - }, - { - "name" : "20020511 Gaim abritary Email Reading", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html" - }, - { - "name" : "http://gaim.sourceforge.net/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://gaim.sourceforge.net/ChangeLog" - }, - { - "name" : "gaim-email-access(9061)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9061.php" - }, - { - "name" : "4730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020512 Gaim abritary Email Reading", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102130733815285&w=2" + }, + { + "name": "4730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4730" + }, + { + "name": "http://gaim.sourceforge.net/ChangeLog", + "refsource": "CONFIRM", + "url": "http://gaim.sourceforge.net/ChangeLog" + }, + { + "name": "20020511 Gaim abritary Email Reading", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html" + }, + { + "name": "gaim-email-access(9061)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9061.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0484.json b/2002/0xxx/CVE-2002-0484.json index 8f10a1584ff..cd9c25581de 100644 --- a/2002/0xxx/CVE-2002-0484.json +++ b/2002/0xxx/CVE-2002-0484.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/263259" - }, - { - "name" : "20020317 move_uploaded_file breaks safe_mode restrictions in PHP", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/262999" - }, - { - "name" : "20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101683938806677&w=2" - }, - { - "name" : "http://bugs.php.net/bug.php?id=16128", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=16128" - }, - { - "name" : "php-moveuploadedfile-create-files(8591)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8591.php" - }, - { - "name" : "4325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020317 move_uploaded_file breaks safe_mode restrictions in PHP", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/262999" + }, + { + "name": "http://bugs.php.net/bug.php?id=16128", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=16128" + }, + { + "name": "php-moveuploadedfile-create-files(8591)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8591.php" + }, + { + "name": "4325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4325" + }, + { + "name": "20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101683938806677&w=2" + }, + { + "name": "20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/263259" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0671.json b/2002/0xxx/CVE-2002-0671.json index 6dc8adb87d4..3db59cc1b6a 100644 --- a/2002/0xxx/CVE-2002-0671.json +++ b/2002/0xxx/CVE-2002-0671.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A071202-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2002/a071202-1.txt" - }, - { - "name" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp" - }, - { - "name" : "pingtel-xpressa-dns-spoofing(9566)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9566.php" - }, - { - "name" : "5224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", + "refsource": "CONFIRM", + "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp" + }, + { + "name": "A071202-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt" + }, + { + "name": "5224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5224" + }, + { + "name": "pingtel-xpressa-dns-spoofing(9566)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9566.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1230.json b/2002/1xxx/CVE-2002-1230.json index 0b4757aaa81..186ef8b1484 100644 --- a/2002/1xxx/CVE-2002-1230.json +++ b/2002/1xxx/CVE-2002-1230.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via \"shatter\" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka \"Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://getad.chat.ru/", - "refsource" : "MISC", - "url" : "http://getad.chat.ru/" - }, - { - "name" : "http://www.packetstormsecurity.nl/filedesc/GetAd.c.html", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.nl/filedesc/GetAd.c.html" - }, - { - "name" : "MS02-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071" - }, - { - "name" : "N-027", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-027.shtml" - }, - { - "name" : "5927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5927" - }, - { - "name" : "oval:org.mitre.oval:def:681", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681" - }, - { - "name" : "win-netdde-gain-privileges(10343)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10343.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via \"shatter\" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka \"Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "N-027", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-027.shtml" + }, + { + "name": "5927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5927" + }, + { + "name": "http://www.packetstormsecurity.nl/filedesc/GetAd.c.html", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.nl/filedesc/GetAd.c.html" + }, + { + "name": "MS02-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071" + }, + { + "name": "http://getad.chat.ru/", + "refsource": "MISC", + "url": "http://getad.chat.ru/" + }, + { + "name": "oval:org.mitre.oval:def:681", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681" + }, + { + "name": "win-netdde-gain-privileges(10343)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10343.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1889.json b/2002/1xxx/CVE-2002-1889.json index 1c960052f11..a45f6fe17df 100644 --- a/2002/1xxx/CVE-2002-1889.json +++ b/2002/1xxx/CVE-2002-1889.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021004 vulnerabilities in logsurfer", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/294131" - }, - { - "name" : "ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc" - }, - { - "name" : "5898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5898" - }, - { - "name" : "logsurfer-contextaction-offbyone-bo(10287)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10287.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5898" + }, + { + "name": "ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc", + "refsource": "CONFIRM", + "url": "ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc" + }, + { + "name": "logsurfer-contextaction-offbyone-bo(10287)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10287.php" + }, + { + "name": "20021004 vulnerabilities in logsurfer", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/294131" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1916.json b/2002/1xxx/CVE-2002-1916.json index a9a5bf31310..06e8a1671f6 100644 --- a/2002/1xxx/CVE-2002-1916.json +++ b/2002/1xxx/CVE-2002-1916.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/windowsntfocus/6F00A205QQ.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/6F00A205QQ.html" - }, - { - "name" : "pirch-auto-log-dos(10395)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10395.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/windowsntfocus/6F00A205QQ.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/6F00A205QQ.html" + }, + { + "name": "pirch-auto-log-dos(10395)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10395.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2068.json b/2002/2xxx/CVE-2002-2068.json index 3ef2fffd2ef..f9b813e365c 100644 --- a/2002/2xxx/CVE-2002-2068.json +++ b/2002/2xxx/CVE-2002-2068.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/251565" - }, - { - "name" : "http://www.seifried.org/security/advisories/kssa-003.html", - "refsource" : "MISC", - "url" : "http://www.seifried.org/security/advisories/kssa-003.html" - }, - { - "name" : "M-034", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-034.shtml" - }, - { - "name" : "3912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3912" - }, - { - "name" : "ntfs-ads-file-wipe(7953)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7953.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3912" + }, + { + "name": "http://www.seifried.org/security/advisories/kssa-003.html", + "refsource": "MISC", + "url": "http://www.seifried.org/security/advisories/kssa-003.html" + }, + { + "name": "ntfs-ads-file-wipe(7953)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7953.php" + }, + { + "name": "M-034", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-034.shtml" + }, + { + "name": "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/251565" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2138.json b/2002/2xxx/CVE-2002-2138.json index b5971f659b5..126cb4326fa 100644 --- a/2002/2xxx/CVE-2002-2138.json +++ b/2002/2xxx/CVE-2002-2138.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0207-198", - "refsource" : "HP", - "url" : "http://online.securityfocus.com/advisories/4268" - }, - { - "name" : "5195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5195" - }, - { - "name" : "oval:org.mitre.oval:def:5654", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5654" - }, - { - "name" : "hp-as-rfcnetbios-dos(9536)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9536.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX0207-198", + "refsource": "HP", + "url": "http://online.securityfocus.com/advisories/4268" + }, + { + "name": "5195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5195" + }, + { + "name": "oval:org.mitre.oval:def:5654", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5654" + }, + { + "name": "hp-as-rfcnetbios-dos(9536)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9536.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1280.json b/2005/1xxx/CVE-2005-1280.json index 6377e5c37a8..93bafe828b3 100644 --- a/2005/1xxx/CVE-2005-1280.json +++ b/2005/1xxx/CVE-2005-1280.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050426 tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/396930" - }, - { - "name" : "FLSA:156139", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/430292/100/0/threaded" - }, - { - "name" : "RHSA-2005:417", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-417.html" - }, - { - "name" : "RHSA-2005:421", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-421.html" - }, - { - "name" : "SCOSA-2005.60", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt" - }, - { - "name" : "13390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13390" - }, - { - "name" : "oval:org.mitre.oval:def:10732", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10732" - }, - { - "name" : "18146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18146" - }, - { - "name" : "15125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050426 tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/396930" + }, + { + "name": "15125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15125" + }, + { + "name": "RHSA-2005:421", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-421.html" + }, + { + "name": "oval:org.mitre.oval:def:10732", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10732" + }, + { + "name": "RHSA-2005:417", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-417.html" + }, + { + "name": "FLSA:156139", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/430292/100/0/threaded" + }, + { + "name": "SCOSA-2005.60", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt" + }, + { + "name": "18146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18146" + }, + { + "name": "13390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13390" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1816.json b/2005/1xxx/CVE-2005-1816.json index f77c26dfff8..312e1393527 100644 --- a/2005/1xxx/CVE-2005-1816.json +++ b/2005/1xxx/CVE-2005-1816.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the \"Move users in this group to\" screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050528 Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html" - }, - { - "name" : "13797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13797" - }, - { - "name" : "15545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the \"Move users in this group to\" screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15545" + }, + { + "name": "13797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13797" + }, + { + "name": "20050528 Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1837.json b/2005/1xxx/CVE-2005-1837.json index f6957658b19..067fa6bdcee 100644 --- a/2005/1xxx/CVE-2005-1837.json +++ b/2005/1xxx/CVE-2005-1837.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050601 Backdoor in =?ISO-8859-1?Q?Fortinet=B4s_firewall_Fortigate?=", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111773657526375&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050601 Backdoor in =?ISO-8859-1?Q?Fortinet=B4s_firewall_Fortigate?=", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111773657526375&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0117.json b/2009/0xxx/CVE-2009-0117.json index bc5702ed85c..bdb0d8dd8ca 100644 --- a/2009/0xxx/CVE-2009-0117.json +++ b/2009/0xxx/CVE-2009-0117.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0117", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0117", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0209.json b/2009/0xxx/CVE-2009-0209.json index 807d87addd7..158b8afb17c 100644 --- a/2009/0xxx/CVE-2009-0209.json +++ b/2009/0xxx/CVE-2009-0209.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-0209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090930 C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506826/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090930 C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506826/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1202.json b/2009/1xxx/CVE-2009-1202.json index f23124c6f5b..5032c336a07 100644 --- a/2009/1xxx/CVE-2009-1202.json +++ b/2009/1xxx/CVE-2009-1202.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504516/100/0/threaded" - }, - { - "name" : "35480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35480" - }, - { - "name" : "1022457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022457" - }, - { - "name" : "35511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35511" - }, - { - "name" : "ADV-2009-1713", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded" + }, + { + "name": "1022457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022457" + }, + { + "name": "35480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35480" + }, + { + "name": "ADV-2009-1713", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1713" + }, + { + "name": "35511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35511" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1331.json b/2009/1xxx/CVE-2009-1331.json index 59c592b83e4..c3902d46def 100644 --- a/2009/1xxx/CVE-2009-1331.json +++ b/2009/1xxx/CVE-2009-1331.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8445", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8445" - }, - { - "name" : "34534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34534" - }, - { - "name" : "53804", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34534" + }, + { + "name": "53804", + "refsource": "OSVDB", + "url": "http://osvdb.org/53804" + }, + { + "name": "8445", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8445" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1436.json b/2009/1xxx/CVE-2009-1436.json index da234fe0079..41264831f9c 100644 --- a/2009/1xxx/CVE-2009-1436.json +++ b/2009/1xxx/CVE-2009-1436.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756" - }, - { - "name" : "FreeBSD-SA-09:07", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc" - }, - { - "name" : "34666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34666" - }, - { - "name" : "53918", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53918" - }, - { - "name" : "1022113", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022113" - }, - { - "name" : "34810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34666" + }, + { + "name": "53918", + "refsource": "OSVDB", + "url": "http://osvdb.org/53918" + }, + { + "name": "FreeBSD-SA-09:07", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc" + }, + { + "name": "34810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34810" + }, + { + "name": "1022113", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022113" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1831.json b/2009/1xxx/CVE-2009-1831.json index de880b8b505..edd43ad1163 100644 --- a/2009/1xxx/CVE-2009-1831.json +++ b/2009/1xxx/CVE-2009-1831.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8767", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8767" - }, - { - "name" : "8770", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8770" - }, - { - "name" : "8772", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8772" - }, - { - "name" : "8783", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8783" - }, - { - "name" : "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html", - "refsource" : "MISC", - "url" : "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html" - }, - { - "name" : "35052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35052" - }, - { - "name" : "oval:org.mitre.oval:def:15683", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683" - }, - { - "name" : "winamp-maki-overflow(50664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35052" + }, + { + "name": "8783", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8783" + }, + { + "name": "winamp-maki-overflow(50664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50664" + }, + { + "name": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html", + "refsource": "MISC", + "url": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html" + }, + { + "name": "oval:org.mitre.oval:def:15683", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683" + }, + { + "name": "8770", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8770" + }, + { + "name": "8767", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8767" + }, + { + "name": "8772", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8772" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1902.json b/2009/1xxx/CVE-2009-1902.json index befc5f79d7e..9edc9fd6814 100644 --- a/2009/1xxx/CVE-2009-1902.json +++ b/2009/1xxx/CVE-2009-1902.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090319 [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501968" - }, - { - "name" : "8241", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8241" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846" - }, - { - "name" : "FEDORA-2009-2654", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html" - }, - { - "name" : "FEDORA-2009-2686", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html" - }, - { - "name" : "GLSA-200907-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-02.xml" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "34096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34096" - }, - { - "name" : "52553", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/52553" - }, - { - "name" : "34256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34256" - }, - { - "name" : "34311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34311" - }, - { - "name" : "35687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35687" - }, - { - "name" : "ADV-2009-0703", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0703" - }, - { - "name" : "modsecurity-multipart-dos(49212)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-2654", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html" + }, + { + "name": "modsecurity-multipart-dos(49212)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49212" + }, + { + "name": "8241", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8241" + }, + { + "name": "GLSA-200907-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-02.xml" + }, + { + "name": "34256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34256" + }, + { + "name": "35687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35687" + }, + { + "name": "52553", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/52553" + }, + { + "name": "34311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34311" + }, + { + "name": "FEDORA-2009-2686", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "20090319 [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501968" + }, + { + "name": "ADV-2009-0703", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0703" + }, + { + "name": "34096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34096" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0171.json b/2012/0xxx/CVE-2012-0171.json index 9f2e3b816d0..6ece7e4a2ac 100644 --- a/2012/0xxx/CVE-2012-0171.json +++ b/2012/0xxx/CVE-2012-0171.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"SelectAll Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023" - }, - { - "name" : "TA12-101A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-101A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15313", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15313" - }, - { - "name" : "1026901", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026901" - }, - { - "name" : "ms-ie-selectall-code-exec(74382)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"SelectAll Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS12-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023" + }, + { + "name": "1026901", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026901" + }, + { + "name": "TA12-101A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html" + }, + { + "name": "ms-ie-selectall-code-exec(74382)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74382" + }, + { + "name": "oval:org.mitre.oval:def:15313", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15313" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0476.json b/2012/0xxx/CVE-2012-0476.json index b4db8218e50..48b9377788a 100644 --- a/2012/0xxx/CVE-2012-0476.json +++ b/2012/0xxx/CVE-2012-0476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0476", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0476", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0629.json b/2012/0xxx/CVE-2012-0629.json index 4770fd01bbf..6df292c0004 100644 --- a/2012/0xxx/CVE-2012-0629.json +++ b/2012/0xxx/CVE-2012-0629.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "oval:org.mitre.oval:def:17419", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17419" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "oval:org.mitre.oval:def:17419", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17419" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2523.json b/2012/2xxx/CVE-2012-2523.json index 68994e1767b..73ed7e74cbd 100644 --- a/2012/2xxx/CVE-2012-2523.json +++ b/2012/2xxx/CVE-2012-2523.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka \"JavaScript Integer Overflow Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052" - }, - { - "name" : "MS12-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-056" - }, - { - "name" : "TA12-227A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15790", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka \"JavaScript Integer Overflow Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS12-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052" + }, + { + "name": "MS12-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-056" + }, + { + "name": "TA12-227A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" + }, + { + "name": "oval:org.mitre.oval:def:15790", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15790" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3292.json b/2012/3xxx/CVE-2012-3292.json index ded83cb9f30..e016ca9e21a 100644 --- a/2012/3xxx/CVE-2012-3292.json +++ b/2012/3xxx/CVE-2012-3292.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jira.globus.org/browse/GT-195", - "refsource" : "CONFIRM", - "url" : "http://jira.globus.org/browse/GT-195" - }, - { - "name" : "DSA-2523", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2523" - }, - { - "name" : "FEDORA-2012-8445", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html" - }, - { - "name" : "FEDORA-2012-8461", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html" - }, - { - "name" : "FEDORA-2012-8488", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-8488", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html" + }, + { + "name": "DSA-2523", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2523" + }, + { + "name": "http://jira.globus.org/browse/GT-195", + "refsource": "CONFIRM", + "url": "http://jira.globus.org/browse/GT-195" + }, + { + "name": "FEDORA-2012-8445", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html" + }, + { + "name": "FEDORA-2012-8461", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3486.json b/2012/3xxx/CVE-2012-3486.json index 8987cdb7bcf..8a6d3d4d17f 100644 --- a/2012/3xxx/CVE-2012-3486.json +++ b/2012/3xxx/CVE-2012-3486.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html" - }, - { - "name" : "[oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/14/1" - }, - { - "name" : "http://code.google.com/p/tunnelblick/issues/detail?id=212", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/tunnelblick/issues/detail?id=212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/14/1" + }, + { + "name": "http://code.google.com/p/tunnelblick/issues/detail?id=212", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/tunnelblick/issues/detail?id=212" + }, + { + "name": "20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3618.json b/2012/3xxx/CVE-2012-3618.json index cf3225ba818..442fa06b9e4 100644 --- a/2012/3xxx/CVE-2012-3618.json +++ b/2012/3xxx/CVE-2012-3618.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3665.json b/2012/3xxx/CVE-2012-3665.json index ac66ad1efc7..e4fb4fbd830 100644 --- a/2012/3xxx/CVE-2012-3665.json +++ b/2012/3xxx/CVE-2012-3665.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3905.json b/2012/3xxx/CVE-2012-3905.json index 98656379d91..54bd99de541 100644 --- a/2012/3xxx/CVE-2012-3905.json +++ b/2012/3xxx/CVE-2012-3905.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3905", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3905", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4039.json b/2012/4xxx/CVE-2012-4039.json index 8443764f251..347556f8a17 100644 --- a/2012/4xxx/CVE-2012-4039.json +++ b/2012/4xxx/CVE-2012-4039.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4039", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4039", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4562.json b/2012/4xxx/CVE-2012-4562.json index c62d7302df6..d1ab5583efc 100644 --- a/2012/4xxx/CVE-2012-4562.json +++ b/2012/4xxx/CVE-2012-4562.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/20/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=871620", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=871620" - }, - { - "name" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", - "refsource" : "CONFIRM", - "url" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/" - }, - { - "name" : "DSA-2577", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2577" - }, - { - "name" : "FEDORA-2012-18610", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html" - }, - { - "name" : "FEDORA-2012-18677", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html" - }, - { - "name" : "MDVSA-2012:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175" - }, - { - "name" : "SUSE-SU-2012:1520", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html" - }, - { - "name" : "openSUSE-SU-2012:1620", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2012:1622", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html" - }, - { - "name" : "openSUSE-SU-2013:0130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html" - }, - { - "name" : "USN-1640-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1640-1" - }, - { - "name" : "56604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56604" - }, - { - "name" : "libssh-buffer-bo(80221)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1520", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html" + }, + { + "name": "DSA-2577", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2577" + }, + { + "name": "MDVSA-2012:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175" + }, + { + "name": "USN-1640-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1640-1" + }, + { + "name": "openSUSE-SU-2013:0130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html" + }, + { + "name": "openSUSE-SU-2012:1622", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=871620", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871620" + }, + { + "name": "FEDORA-2012-18610", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html" + }, + { + "name": "openSUSE-SU-2012:1620", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html" + }, + { + "name": "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/20/3" + }, + { + "name": "libssh-buffer-bo(80221)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80221" + }, + { + "name": "FEDORA-2012-18677", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html" + }, + { + "name": "56604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56604" + }, + { + "name": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", + "refsource": "CONFIRM", + "url": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4724.json b/2012/4xxx/CVE-2012-4724.json index 9e20eb37cf0..dfc9f12aa0c 100644 --- a/2012/4xxx/CVE-2012-4724.json +++ b/2012/4xxx/CVE-2012-4724.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4724", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4724", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4864.json b/2012/4xxx/CVE-2012-4864.json index e14935fd3c5..ab9a459de7c 100644 --- a/2012/4xxx/CVE-2012-4864.json +++ b/2012/4xxx/CVE-2012-4864.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18637", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18637" - }, - { - "name" : "http://packetstormsecurity.org/files/111034", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111034" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php" - }, - { - "name" : "52650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52650" - }, - { - "name" : "winlicense-xml-code-execution(74170)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php" + }, + { + "name": "52650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52650" + }, + { + "name": "http://packetstormsecurity.org/files/111034", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111034" + }, + { + "name": "18637", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18637" + }, + { + "name": "winlicense-xml-code-execution(74170)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74170" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6132.json b/2012/6xxx/CVE-2012-6132.json index d58d905a404..f555d744678 100644 --- a/2012/6xxx/CVE-2012-6132.json +++ b/2012/6xxx/CVE-2012-6132.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/2" - }, - { - "name" : "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/13/8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=722672", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=722672" - }, - { - "name" : "roundup-cve20126132-otk-xss(84191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" + }, + { + "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" + }, + { + "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" + }, + { + "name": "roundup-cve20126132-otk-xss(84191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6343.json b/2012/6xxx/CVE-2012-6343.json index 86734245aa6..b5d28164a3a 100644 --- a/2012/6xxx/CVE-2012-6343.json +++ b/2012/6xxx/CVE-2012-6343.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6343", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6343", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6464.json b/2012/6xxx/CVE-2012-6464.json index 9d892307d6e..40a49bb580a 100644 --- a/2012/6xxx/CVE-2012-6464.json +++ b/2012/6xxx/CVE-2012-6464.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/unified/1210/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unified/1210/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1032/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1032/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/support/kb/view/1032/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1032/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unified/1210/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unified/1210/" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6483.json b/2012/6xxx/CVE-2012-6483.json index 6c999668d61..b88bc605163 100644 --- a/2012/6xxx/CVE-2012-6483.json +++ b/2012/6xxx/CVE-2012-6483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6483", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6483", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2350.json b/2017/2xxx/CVE-2017-2350.json index cb3d1800331..4935e103ff9 100644 --- a/2017/2xxx/CVE-2017-2350.json +++ b/2017/2xxx/CVE-2017-2350.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207482", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207482" - }, - { - "name" : "https://support.apple.com/HT207484", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207484" - }, - { - "name" : "https://support.apple.com/HT207485", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207485" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "95727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95727" - }, - { - "name" : "1037668", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95727" + }, + { + "name": "https://support.apple.com/HT207485", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207485" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207484", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207484" + }, + { + "name": "https://support.apple.com/HT207482", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207482" + }, + { + "name": "1037668", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037668" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2594.json b/2017/2xxx/CVE-2017-2594.json index 19fcc21029c..932fdaddbce 100644 --- a/2017/2xxx/CVE-2017-2594.json +++ b/2017/2xxx/CVE-2017-2594.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-2594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "hawtio", - "version" : { - "version_data" : [ - { - "version_value" : "hawtio 2.0-beta-1" - }, - { - "version_value" : " hawtio 2.0-beta-2 hawtio 2.0-M1" - }, - { - "version_value" : " hawtio 2.0-M2" - }, - { - "version_value" : " hawtio 2.0-M3" - }, - { - "version_value" : " hawtio 1.5" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-209" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "hawtio", + "version": { + "version_data": [ + { + "version_value": "hawtio 2.0-beta-1" + }, + { + "version_value": " hawtio 2.0-beta-2 hawtio 2.0-M1" + }, + { + "version_value": " hawtio 2.0-M2" + }, + { + "version_value": " hawtio 2.0-M3" + }, + { + "version_value": " hawtio 1.5" + } + ] + } + } + ] + }, + "vendor_name": "" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://access.redhat.com/errata/RHSA-2017:1832", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/errata/RHSA-2017:1832" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594" - }, - { - "name" : "95793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594" + }, + { + "name": "https://access.redhat.com/errata/RHSA-2017:1832", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/errata/RHSA-2017:1832" + }, + { + "name": "95793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95793" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6047.json b/2017/6xxx/CVE-2017-6047.json index 2b29187a444..cdbec694b91 100644 --- a/2017/6xxx/CVE-2017-6047.json +++ b/2017/6xxx/CVE-2017-6047.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6577.json b/2017/6xxx/CVE-2017-6577.json index 7825361f8d6..7938962759b 100644 --- a/2017/6xxx/CVE-2017-6577.json +++ b/2017/6xxx/CVE-2017-6577.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", - "refsource" : "MISC", - "url" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" - }, - { - "name" : "96783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96783" + }, + { + "name": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", + "refsource": "MISC", + "url": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6597.json b/2017/6xxx/CVE-2017-6597.json index d252945ce20..91b07a38475 100644 --- a/2017/6xxx/CVE-2017-6597.json +++ b/2017/6xxx/CVE-2017-6597.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance", + "version": { + "version_data": [ + { + "version_value": "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli" - }, - { - "name" : "97476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97476" - }, - { - "name" : "1038195", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038195", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038195" + }, + { + "name": "97476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97476" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6703.json b/2017/6xxx/CVE-2017-6703.json index eac812c9989..40ce5b9f77c 100644 --- a/2017/6xxx/CVE-2017-6703.json +++ b/2017/6xxx/CVE-2017-6703.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning Tool", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Provisioning Tool" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Session Hijacking Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning Tool", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Provisioning Tool" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1" - }, - { - "name" : "99224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99224" - }, - { - "name" : "1038744", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Session Hijacking Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038744", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038744" + }, + { + "name": "99224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99224" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11182.json b/2018/11xxx/CVE-2018-11182.json index 92c24694368..a5e75cea410 100644 --- a/2018/11xxx/CVE-2018-11182.json +++ b/2018/11xxx/CVE-2018-11182.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11246.json b/2018/11xxx/CVE-2018-11246.json index 0a287f0fff3..bf0d1c915f7 100644 --- a/2018/11xxx/CVE-2018-11246.json +++ b/2018/11xxx/CVE-2018-11246.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11246", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11246", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11334.json b/2018/11xxx/CVE-2018-11334.json index ff5bc48eb48..2ea45697299 100644 --- a/2018/11xxx/CVE-2018-11334.json +++ b/2018/11xxx/CVE-2018-11334.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\\\.\\pipe\\WindscribeService." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/drmint80/e5f8a3b8b8324c50a85d9b8623197c68", - "refsource" : "MISC", - "url" : "https://gist.github.com/drmint80/e5f8a3b8b8324c50a85d9b8623197c68" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\\\.\\pipe\\WindscribeService." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/drmint80/e5f8a3b8b8324c50a85d9b8623197c68", + "refsource": "MISC", + "url": "https://gist.github.com/drmint80/e5f8a3b8b8324c50a85d9b8623197c68" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11961.json b/2018/11xxx/CVE-2018-11961.json index add6b508875..2130b26b5d7 100644 --- a/2018/11xxx/CVE-2018-11961.json +++ b/2018/11xxx/CVE-2018-11961.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in GPS." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" - }, - { - "name" : "106136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in GPS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106136" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14215.json b/2018/14xxx/CVE-2018-14215.json index 7be3179db9c..8a0ab7b27ad 100644 --- a/2018/14xxx/CVE-2018-14215.json +++ b/2018/14xxx/CVE-2018-14215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14215", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14215", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14308.json b/2018/14xxx/CVE-2018-14308.json index 2b3b7a498e9..df9c79fce26 100644 --- a/2018/14xxx/CVE-2018-14308.json +++ b/2018/14xxx/CVE-2018-14308.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6326." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-768", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-768" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6326." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-768", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-768" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14600.json b/2018/14xxx/CVE-2018-14600.json index 6aa42a20b21..4c5937cdb30 100644 --- a/2018/14xxx/CVE-2018-14600.json +++ b/2018/14xxx/CVE-2018-14600.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180821 X.Org security advisory: August 21, 2018", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/08/21/6" - }, - { - "name" : "[xorg-announce] 20180821 libX11 1.6.6", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2018-August/002916.html" - }, - { - "name" : "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1102068", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1102068" - }, - { - "name" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea" - }, - { - "name" : "GLSA-201811-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-01" - }, - { - "name" : "USN-3758-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3758-2/" - }, - { - "name" : "USN-3758-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3758-1/" - }, - { - "name" : "105177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105177" - }, - { - "name" : "1041543", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3758-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3758-2/" + }, + { + "name": "GLSA-201811-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-01" + }, + { + "name": "105177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105177" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102068", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102068" + }, + { + "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6" + }, + { + "name": "1041543", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041543" + }, + { + "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea" + }, + { + "name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html" + }, + { + "name": "[xorg-announce] 20180821 libX11 1.6.6", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html" + }, + { + "name": "USN-3758-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3758-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15162.json b/2018/15xxx/CVE-2018-15162.json index debfd61f317..7059ea72a2b 100644 --- a/2018/15xxx/CVE-2018-15162.json +++ b/2018/15xxx/CVE-2018-15162.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15162", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15162", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15444.json b/2018/15xxx/CVE-2018-15444.json index bfa0608a56f..7ecd2e5e161 100644 --- a/2018/15xxx/CVE-2018-15444.json +++ b/2018/15xxx/CVE-2018-15444.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", - "ID" : "CVE-2018-15444", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Energy Management Suite XML External Entity Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Energy Management Suite ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "6.3", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-611" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-11-07T16:00:00-0600", + "ID": "CVE-2018-15444", + "STATE": "PUBLIC", + "TITLE": "Cisco Energy Management Suite XML External Entity Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Energy Management Suite ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-36", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-36" - }, - { - "name" : "20181107 Cisco Energy Management Suite XML External Entity Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-ems-xml-xxe" - }, - { - "name" : "105860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105860" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181107-ems-xml-xxe", - "defect" : [ - [ - "CSCvm38505" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181107 Cisco Energy Management Suite XML External Entity Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-ems-xml-xxe" + }, + { + "name": "https://www.tenable.com/security/research/tra-2018-36", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-36" + }, + { + "name": "105860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105860" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181107-ems-xml-xxe", + "defect": [ + [ + "CSCvm38505" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15455.json b/2018/15xxx/CVE-2018-15455.json index 4de6c406abe..cc60b55f4e4 100644 --- a/2018/15xxx/CVE-2018-15455.json +++ b/2018/15xxx/CVE-2018-15455.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-23T16:00:00-0800", - "ID" : "CVE-2018-15455", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "6.1", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-23T16:00:00-0800", + "ID": "CVE-2018-15455", + "STATE": "PUBLIC", + "TITLE": "Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190123 Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss" - }, - { - "name" : "106708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106708" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190123-isel-xss", - "defect" : [ - [ - "CSCvm62862" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190123 Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss" + }, + { + "name": "106708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106708" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190123-isel-xss", + "defect": [ + [ + "CSCvm62862" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20008.json b/2018/20xxx/CVE-2018-20008.json index 9566e9cffcd..6f77601587b 100644 --- a/2018/20xxx/CVE-2018-20008.json +++ b/2018/20xxx/CVE-2018-20008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20121.json b/2018/20xxx/CVE-2018-20121.json index 28cbaf7d530..b7a2872a488 100644 --- a/2018/20xxx/CVE-2018-20121.json +++ b/2018/20xxx/CVE-2018-20121.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20121", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20121", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20211.json b/2018/20xxx/CVE-2018-20211.json index 20c027e08a1..7bb67d13353 100644 --- a/2018/20xxx/CVE-2018-20211.json +++ b/2018/20xxx/CVE-2018-20211.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\par-%username%\\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/44" - }, - { - "name" : "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\par-%username%\\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/44" + }, + { + "name": "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20372.json b/2018/20xxx/CVE-2018-20372.json index a84b57c6182..744b40698fd 100644 --- a/2018/20xxx/CVE-2018-20372.json +++ b/2018/20xxx/CVE-2018-20372.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=1990", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=1990" - }, - { - "name" : "https://www.youtube.com/watch?v=HUM5myJWbvc", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=HUM5myJWbvc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=1990", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=1990" + }, + { + "name": "https://www.youtube.com/watch?v=HUM5myJWbvc", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=HUM5myJWbvc" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20776.json b/2018/20xxx/CVE-2018-20776.json index 830471c880e..2e40bc5ff05 100644 --- a/2018/20xxx/CVE-2018-20776.json +++ b/2018/20xxx/CVE-2018-20776.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Frog CMS 0.9.5 provides a directory listing for a /public request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/philippe/FrogCMS/issues/21", - "refsource" : "MISC", - "url" : "https://github.com/philippe/FrogCMS/issues/21" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Frog CMS 0.9.5 provides a directory listing for a /public request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/philippe/FrogCMS/issues/21", + "refsource": "MISC", + "url": "https://github.com/philippe/FrogCMS/issues/21" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9097.json b/2018/9xxx/CVE-2018-9097.json index d6d4871c226..a48fdcdb43c 100644 --- a/2018/9xxx/CVE-2018-9097.json +++ b/2018/9xxx/CVE-2018-9097.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9097", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9097", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9269.json b/2018/9xxx/CVE-2018-9269.json index 153836ad778..036e20a2867 100644 --- a/2018/9xxx/CVE-2018-9269.json +++ b/2018/9xxx/CVE-2018-9269.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" - }, - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-24.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-24.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-24.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-24.html" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" + } + ] + } +} \ No newline at end of file